I just added Doc.Dropper.Agent-6136130-0 to the scan system; it should be published today.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Mar 22, 2017, at 9:43 AM, Alex <mysqlstud...@gmail.com> wrote:

> Hi,
>
>>> How long does it typically take for a sample to be analyzed and a pattern to be created?
>>
>> Generally speaking, a couple hours (sometimes 4, sometimes 8, depending on automation schedules)
>>
>> Because it was encrypted, it may be a bit more difficult, so I'll have to look into it. What is the sha256 hash of the file?
>
> # sha256sum r564t97y168d2.docx
> a68e789e8306e697874d155191376124e13e44f144b11a678a37e44036a3668d r564t97y168d2.docx
>
> I also included the password to decrypt it, "Vo1UPMQBgITg" as was included with the email when it was received.
>
>>> I don't even bother reporting them to sophos, et al because it's sometimes days before they're added. I was expecting better from clamav...
>>
>> Interesting, considering Sophos is not a free product.
>
> Yes, sometimes (most times?) it's days.
>
> alex
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml