On 8/7/2015 9:20 AM, Gene Heskett wrote:
On Friday 07 August 2015 04:46:31 Steve Basford wrote:
Just in case it's useful...
---------------------------- Original Message ----------------------------
Subject: [sanesecurity] Hacking Team detection
From: "Steve Basford" <steveb_cla...@sanesecurity.com>
Date: Fri, August 7, 2015 9:43 am
To: sanesecurity_annou...@freelists.org
Cc: sanesecur...@freelists.org
--------------------------------------------------------------------------
Rook Security (www.rooksecurity.com) have analysed the recent Hacking
Team data dump (400GB) and produced a utility to scan systems for
these files.
Sanesecurity have converted their analysis into 435 hashes in ClamAV
database format.
With Rook Security’s permission, I’ve placed a new database:
hackingteam.hsb
on the mirrors for distribution.
Note the hashes are for Windows, Linux and Mac OS X systems.
Steve:
Thank you, but for those of us who haven't played with our configuration
for quite a while as it's been Just Working(TM) for a year or more, a
pointer to a URL showing how to incorporate this into the working
configs we have would be appropriate.
If you are already using some of Sanesecurity's signatures, take a look
at the update scripts you are currently using and add hackingteam.hsb to
the list of databases.
If not, take a look here for some scripts you can use to get the databases:
http://sanesecurity.com/usage/linux-scripts/
hackingteam.hsb is probably not in the config for those scripts yet, so
you'll have to add it.
--
Bowie
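
One way to sanity-check a downloaded hackingteam.hsb before adding it to an update script's database list, as an added example that is not part of the original thread or of the Sanesecurity scripts. It assumes the file follows ClamAV's documented hash-signature layout `HashString:FileSize:MalwareName`; the function names and the database directory in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: validate a hash database before installing it.
# Assumed line layout (ClamAV hash signatures):
#   HashString:FileSize:MalwareName[:MinFL[:MaxFL]]
# .hsb files carry SHA1 (40 hex) or SHA256 (64 hex); FileSize may be "*".

# Print the number of valid signatures; return 1 on the first malformed line.
validate_hsb() {
    awk -F: '
        { sub(/\r$/, "") }              # tolerate CRLF line endings
        /^[ \t]*$/ { next }             # ignore blank lines
        {
            ok = (NF >= 3 && NF <= 5)
            ok = ok && (length($1) == 40 || length($1) == 64)
            ok = ok && ($1 ~ /^[0-9A-Fa-f]+$/)
            ok = ok && ($2 == "*" || $2 ~ /^[0-9]+$/)
            ok = ok && ($3 != "")
            if (!ok) {
                printf "line %d malformed: %s\n", NR, $0 > "/dev/stderr"
                bad = 1
                exit
            }
            n++
        }
        END { if (bad) exit 1; print n + 0 }
    ' "$1"
}

# Copy SRC into DBDIR only if it validates. The copy goes to a temporary
# name first and is then renamed, so a half-written file is never loaded.
install_hsb() {
    src=$1
    dbdir=$2
    count=$(validate_hsb "$src") || return 1
    [ "$count" -gt 0 ] || { echo "no signatures in $src" >&2; return 1; }
    name=$(basename "$src")
    tmp="$dbdir/.$name.$$"
    cp "$src" "$tmp" && chmod 0644 "$tmp" && mv "$tmp" "$dbdir/$name"
}

# Usage (database directory is an assumption; adjust to your install):
#   install_hsb ./hackingteam.hsb /var/lib/clamav
```
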