Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Al Varnell
According to this, Sophos should see it as Troj/JavaBz-ZO:

 submitted yesterday.

Microsoft detects it as Trojan:Java/Adwind.P
and Kaspersky calls it Trojan.Java.Adwind.af

-Al-

On Tue, Oct 20, 2015 at 06:14 AM, Alex wrote:
> 
> On Mon, Oct 19, 2015 at 9:59 PM, Alain Zidouemba wrote:
>> Send the sample here: http://www.clamav.net/reports/malware
>> 
>> Provide the MD5 or SHA256 of the sample on this mailing list.
> 
> afa496ee1ffaba2ba17ddd50f9163bef  PaymentInvoice.jar
> 
> I'd really appreciate hearing from someone regarding whether this is a
> new virus or there is some other explanation about this file.
> 
> Thanks,
> Alex
> 
>> 
>> Thanks,
>> 
>> - Alain
>> 
>> On Mon, Oct 19, 2015 at 7:28 PM, Alex  wrote:
>> 
>>> Hi,
>>> I have a jar file that is apparently identified as a virus by
>>> Microsoft as "Trojan.Java.Adwind.af" but not a virus by either clamav
>>> or sophos. Microsoft apparently first identified this early this year,
>>> so I'm curious why it's not being tagged by clamav or sophos.
>>> 
>>> I know I can upload a sample, but I'm more interested in knowing if
>>> Microsoft is identifying this as an FP, or otherwise why clamav and
>>> sophos aren't identifying it.
>>> 
>>> Where can I upload a binary file and hopefully ask that someone
>>> investigate it for me?
>>> 
>>> Thanks so much,
>>> Alex
>>> ___
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
>>> 

-Al-
-- 
Al Varnell
Mountain View, CA







Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Alex
Hi,


On Tue, Oct 20, 2015 at 11:57 AM, Al Varnell  wrote:
> According to this, Sophos should see it as Troj/JavaBz-ZO:
> 
>  submitted yesterday.
>
> Microsoft detects it as Trojan:Java/Adwind.P
> and Kaspersky calls it Trojan.Java.Adwind.af

Yes, I just submitted it to them and now they have it in their signatures.

I'm just very surprised to see this virus wasn't already being
detected by both clamav and sophos. It wasn't until the customer
alerted me that their desktop scanner had caught it that we were made
aware :-(

Thanks,
Alex


Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Alex
On Mon, Oct 19, 2015 at 9:59 PM, Alain Zidouemba wrote:
> Send the sample here: http://www.clamav.net/reports/malware
>
> Provide the MD5 or SHA256 of the sample on this mailing list.

afa496ee1ffaba2ba17ddd50f9163bef  PaymentInvoice.jar

I'd really appreciate hearing from someone regarding whether this is a
new virus or there is some other explanation about this file.

Thanks,
Alex

>
> Thanks,
>
> - Alain
>
> On Mon, Oct 19, 2015 at 7:28 PM, Alex  wrote:
>
>> Hi,
>> I have a jar file that is apparently identified as a virus by
>> Microsoft as "Trojan.Java.Adwind.af" but not a virus by either clamav
>> or sophos. Microsoft apparently first identified this early this year,
>> so I'm curious why it's not being tagged by clamav or sophos.
>>
>> I know I can upload a sample, but I'm more interested in knowing if
>> Microsoft is identifying this as an FP, or otherwise why clamav and
>> sophos aren't identifying it.
>>
>> Where can I upload a binary file and hopefully ask that someone
>> investigate it for me?
>>
>> Thanks so much,
>> Alex