[clamav-users] FN with unknown virus attachment
Hi,

I'm using clamav-0.98.4 on fedora20 with the sanesecurity and safebrowsing sigs and still seeing an unknown virus pass through our systems. I've submitted it to the clamav false-negative upload, but haven't received a response, and 24hrs later it's still not being tagged.

I was hoping someone could help me identify it and determine the risk. I'm in the process of building a win7 test vm, but haven't been able to otherwise safely open the Word doc attachment yet. It appears to contain a Word macro and an embedded link.

Any ideas greatly appreciated. Please let me know if you want me to forward this to you directly or need more information.

http://pastebin.com/5UuGrbXt

Thanks,
Alex

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Re: [clamav-users] FN with unknown virus attachment
Thanks Alex,

We'll have a look.

--
Joel Esler
Sent from my iPhone

On Jun 21, 2014, at 9:00, Alex mysqlstud...@gmail.com wrote:

> Hi,
>
> I'm using clamav-0.98.4 on fedora20 with the sanesecurity and safebrowsing sigs and still seeing an unknown virus pass through our systems. I've submitted it to the clamav false-negative upload, but haven't received a response, and 24hrs later it's still not being tagged.
>
> I was hoping someone could help me identify it and determine the risk. I'm in the process of building a win7 test vm, but haven't been able to otherwise safely open the Word doc attachment yet. It appears to contain a Word macro and an embedded link.
>
> Any ideas greatly appreciated. Please let me know if you want me to forward this to you directly or need more information.
>
> http://pastebin.com/5UuGrbXt
>
> Thanks,
> Alex

Re: [clamav-users] FN with unknown virus attachment
On Sat, June 21, 2014 2:00 pm, Alex wrote:

> Hi,
>
> I'm using clamav-0.98.4 on fedora20 with the sanesecurity and safebrowsing sigs and still seeing an unknown virus pass through our systems. I've submitted it to the clamav false-negative upload, but haven't received a response, and 24hrs later it's still not being tagged.
>
> I was hoping someone could help me identify it and determine the risk.

Hi Alex,

Just seen the sample posted and it's an interesting one.

Detection added, in both rogue.hdb and also mainly, phish.ndb.

Should be on the mirrors right now.

Cheers,
Steve
Sanesecurity.com