In June I manually submitted a suspicious Javascript file and got "Our
initial assessment has verified the sample as a threat & we will be
publishing signatures for ClamAV." But even a month after I submitted,
Jotti still reported that ClamAV didn't detect the file.
So I tried re-submitting it again via the web form but subsequent
submissions of the same file got no response. As of today, Jotti still
says that ClamAV doesn't detect it.
The SHA1 hash of the suspicious file in question is
d2058d5fdd9c4551f7c888d6673a6dbc780b095d. Thank you.
On 8/5/21 3:12 AM, G.W. Haywood via clamav-users wrote:
Hi there,
We have just received this response to one of our automated submissions:
8<----------------------------------------------------------------------
On Thu, 5 Aug 2021, nore...@clamav.com wrote:
G.W. Haywood,
Thank you again for your submission.
Your File:
da741cdec6a0db5f40b79cbfbe300761450d216159ea83533d754d7de43cf6a3
(SHA256:
fc1e483dbb60d49205e3d238b3d090e6cc7a49b775bf4e519aba7117ab3a5b43)
Our initial assessment shows that this file is possibly clean. If
you provided a description that suggests otherwise, we will further
examine the sample & proceed from there.
-The ClamAV team
8<----------------------------------------------------------------------
Here's the result of our check against fifteen scanners, available via
Jotti's extremely useful service, and which is run before each of the
submissions made by our system:
8<----------------------------------------------------------------------
clamav.net Found nothing
f-prot.com Found nothing
k7computing.com Found nothing
trendmicro.com Found nothing
fortinet.com MSIL/Kryptik.DZG!tr
eset.com MSIL/Spy.Agent.AES
sophos.com Mal/RarMal-C
anti-virus.by Malware-Cryptor.MSIL.AgentTesla.Heur
bitdefender.com Trojan.GenericKD.46737949
escanav.com Trojan.GenericKD.46737949
gdatasoftware.com Trojan.GenericKD.46737949
ikarus.at Trojan.Inject
drweb.com Trojan.PackedNET.964
f-secure.com Trojan:W32/MaliciousAttachment.F
avast.com Win32:PWSX-gen
8<----------------------------------------------------------------------
This is one of the clearer threat reports, and I'm surprised by the
initial assessment from the ClamAV team. The report was sent using
the 'clamsubmit' utility, which does not offer an option to provide
a description of the malware.
What should I do now?
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
