Thanks Al. virustotal.com doesn't show any problems with the file, but a site called Gary's Hood does:
https://www.virustotal.com/en/file/14b2420f7490e612b9f0c65af180268b2ad41c3ec209b42f4d085aacb8ef973f/analysis/1478535605/ http://www.garyshood.com/virus/results.php?r=13710b10bf25b727cbf32c29d9ba3a56 The penetration testers use the file (MD5 #: 13710b10bf25b727cbf32c29d9ba3a56) as part of their AV testing. R On 7 November 2016 at 16:12, Al Varnell <alvarn...@mac.com> wrote: > Try uploading it to <https://www.virustotal.com/> and give us the link to > the analysis page. I don’t find that anything with that MD5 has been > uploaded. > > -Al- > > On Mon, Nov 07, 2016 at 07:25 AM, Richard McCombie wrote: > > > > I uploaded a small ASCII-format file, which, like the EICAR test file, is > > supposed to trigger a warning from AV software. I'd be happy to email > this > > to the appropriate address, but I won't do that until someone can confirm > > which address I can use without breaking any rules. > > > > Thank you for your help. > > > > On 7 November 2016 at 15:21, Al Varnell wrote: > > > >> I’m a bit confused by this. Did you send a virus signature or did you > >> upload malware? Those are not at all the same thing. > >> > >> -Al- > >> > >> On Mon, Nov 07, 2016 at 06:05 AM, Richard McCombie wrote: > >>> > >>> Thanks Joel. > >>> > >>> I have subscribed to community-sigs; the welcome message informs me > that > >>> virus samples are not to be sent to the list: > >>> > >>> Welcome to the community-s...@lists.clamav.net mailing list! DO NOT > >>> SEND VIRUS SAMPLES HERE!!! Send them through our web interface at > >>> http://www.clamav.net/sendvirus > >>> > >>> On 7 November 2016 at 14:01, Joel Esler (jesler) wrote: > >>> > >>>> The processing that comes in through the website is largely automated. > >>>> Submitting signatures should be done through the community-sigs list, > >>>> until > >>>> we make a submission method through the website. > >>>> > >>>> Sent from my iPad > >>>> > >>>> On Nov 7, 2016, at 6:45 AM, Richard McCombie wrote: > >>>>> > >>>>> Good morning, > >>>>> > >>>>> I submitted a virus signature (at http://www.clamav.net/reports/ > >>>>> malware > >>>>> ) > >>>>> on 17th October. I used the name Richard McCombie for this. > >>>>> > >>>>> It would be great if you could incorporate this virus sample into > your > >>>>> database of virus signatures. I am working on helping a client pass > >>>>> their > >>>>> penetration test; they are currently failing the test, because this > >>>>> virus > >>>>> sample, which is detected as a virus by other scanners, passes the > >>>>> ClamAV > >>>>> scan undetected. > >>>>> > >>>>> The MD5 hash of the file I submitted is: > 13710b10bf25b727cbf32c29d9ba3a > >>>>> 56 > >>>>> > >>>>> If you want me to resubmit this file, that is no problem. > >>>>> > >>>>> Many thanks, in advance, > >>>>> > >>>>> > >>>>> Richard > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > -- Richard McCombie DevOps Engineer Do you want to work at Onfido? Check out our open positions <https://onfido.com/careers> If you received this communication by mistake, please don't forward it to anyone else (it may contain confidential or privileged information), please erase all copies of it, including all attachments, and please let the sender know it went to the wrong person. Thanks. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
