I've seen that issue with VirusTotal and McAfee detections late last year with Downloader.cjx. VirusTotal said that McAfee detected it, and yet when I performed my own test using the latest McAfee engine/DATs, McAfee really did not detect it.

Mike B

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
32 Coslin Drive
Southboro, MA 01772

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Nick FitzGerald
Sent: Wednesday, January 19, 2011 1:42 PM
To: 'funsec'
Subject: Re: [funsec] Some of y'all might like this (virus link)

Thomas J. Raef to Chris Boyd:

> > This came in a spam today.
> >
> > http download card.exe from 200.223.205.137
> >
> > Don't know what it is, but ClamAV latest version for Mac says it's not
> > hostile. Funny, but I don't believe that.
>
> [>] <sarcasm>Wait! It's not harmful to a "Mac", right? They're not
> vulnerable to viruses are they?</sarcasm>
>
> So ClamAV must know that and therefore doesn't think it's harmful.

It seems odd that it was not detected, as according to this:

http://www.virustotal.com/file-scan/report.html?id=4cc69ba312e2554f3070468398f339b44210ad4838c24ebe50debf02de3e019c-1294820720

ClamAV has been detecting that file since at least 2011-01-12 08:25:20 UTC...

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
