Re: [clamav-users] Virus Malvare not detected

2017-11-17 Thread ungifted01


14.11.2017 15:00, Al Varnell wrote:
> According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0
>
> but go ahead and try to submit it anyway.

Sometimes they fail :)

[quote]
Date: Thu, 16 Nov 2017 17:22:01 + (UTC)
From: nore...@clamav.com
Your File: November_Order (SHA256: 
5562475251b33753a7967ce6972a1ab146d89cbc6673e5fbd364f55419e51260)
Our initial assessment shows that this file is possibly clean. If you provided 
a description that suggests otherwise, we will further examine the sample & 
proceed from there.
-The ClamAV team
[/quote]

https://www.virustotal.com/en/file/5562475251b33753a7967ce6972a1ab146d89cbc6673e5fbd364f55419e51260/analysis/
SHA256: 5562475251b33753a7967ce6972a1ab146d89cbc6673e5fbd364f55419e51260
File name: November_Order.doc
Detection ratio: 24 / 59
Analysis date: 2017-11-16 20:54:05 UTC (11 hours, 17 minutes ago)
ClamAV  Doc.Dropper.Agent-6374970-0 20171115

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Joel Esler (jesler)
Doc.Dropper.Agent is automated.  Sounds like someone submitted the file to 
Clamav.net or one of my other automated systems that produces 
detection.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Nov 15, 2017, at 7:09 PM, Al Varnell <alvarn...@mac.com> wrote:

Yes, both those signatures were added in daily - 24045 last night (my time).

-Al-


Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Al Varnell
Yes, both those signatures were added in daily - 24045 last night (my time).

-Al-

On Wed, Nov 15, 2017 at 01:14 PM, Mark Foley wrote:
> 
> Actually, the clamscanner is now finding these files, so someone must have
> updated something since yesterday (which is when these files came in):
> 
> /home/HPRS/matkeson/Maildir/.SENT/cur/1510671208.M989641P17402.mail,S=203527,W=206204:2,S:
>  Doc.Dropper.Agent-6374331-0 FOUND
> /home/HPRS/matkeson/Maildir/.SENT/cur/1510671208.M989641P17402.mail,S=203527,W=206204:2,S!MAIL:InvoiceETT3600920.doc!...!(3)ZIP:docProps/core.xml:
>  Doc.Dropper.Agent-6374331-0 FOUND
> 
> I'll go ahead and submit my file anyway, in case this is something different.
> 
> --Mark

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Mark Foley
Actually, the clamscanner is now finding these files, so someone must have
updated something since yesterday (which is when these files came in):

/home/HPRS/matkeson/Maildir/.SENT/cur/1510671208.M989641P17402.mail,S=203527,W=206204:2,S:
 Doc.Dropper.Agent-6374331-0 FOUND
/home/HPRS/matkeson/Maildir/.SENT/cur/1510671208.M989641P17402.mail,S=203527,W=206204:2,S!MAIL:InvoiceETT3600920.doc!...!(3)ZIP:docProps/core.xml:
 Doc.Dropper.Agent-6374331-0 FOUND

I'll go ahead and submit my file anyway, in case this is something different.

--Mark

-Original Message-
From: Steven Morgan 
Date: Wed, 15 Nov 2017 15:50:31 -0500
To: ClamAV users ML 
Subject: Re: [clamav-users] Virus Malvare not detected

Mark,

Please open a bug report about this issue at bugzilla.clamav.net. Please
include your file and we can look into the issues.

Thanks,
Steve




Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Steven Morgan
Mark,

Please open a bug report about this issue at bugzilla.clamav.net. Please
include your file and we can look into the issues.

Thanks,
Steve



On Wed, Nov 15, 2017 at 2:45 PM, Mark Foley  wrote:

> I'm going to continue piggybacking onto this thread as it deals with
> Clamav's non-discovery of the malware attached to messages with the subject
> "Invoice ...". Although, I don't know if this is the same type of attachment.
>
> The attachments I've been getting are .docx files named as .doc files. In
> examining the contents of these archives I find:
>
> $ unzip -l InvoiceZGC3020188.doc
> Archive:  InvoiceZGC3020188.doc
>   Length      Date    Time    Name
> ---------  ---------- -----   ----
>      1510  01-01-1980 00:00   [Content_Types].xml
>       590  01-01-1980 00:00   _rels/.rels
>      1226  01-01-1980 00:00   word/_rels/document.xml.rels
>      5097  01-01-1980 00:00   word/document.xml
>      5424  01-01-1980 00:00   word/media/image1.emf
>    132276  01-01-1980 00:00   word/media/image2.png
>      6850  01-01-1980 00:00   word/theme/theme1.xml
>      6144  01-01-1980 00:00   word/embeddings/oleObject1.bin
>      4809  01-01-1980 00:00   word/settings.xml
>      1299  01-01-1980 00:00   word/fontTable.xml
>       576  01-01-1980 00:00   word/webSettings.xml
>       995  01-01-1980 00:00   docProps/app.xml
>     29121  01-01-1980 00:00   word/styles.xml
>       732  01-01-1980 00:00   docProps/core.xml
> ---------                     -------
>    196649                     14 files
>
> "Normal" .docx files do not have the oleObject1.bin as an archive member. I do
> have ScanOLE2 and OLE2BlockMacros enabled. So why isn't clamav detecting this
> oleObject1.bin member?
>
> (To where should I submit a sample of this attachment?)
>
> --Mark

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Mark Foley
I'm going to continue piggybacking onto this thread as it deals with Clamav's
non-discovery of the malware attached to messages with the subject "Invoice
...". Although, I don't know if this is the same type of attachment.

The attachments I've been getting are .docx files named as .doc files. In
examining the contents of these archives I find:

$ unzip -l InvoiceZGC3020188.doc
Archive:  InvoiceZGC3020188.doc
  Length      Date    Time    Name
---------  ---------- -----   ----
     1510  01-01-1980 00:00   [Content_Types].xml
      590  01-01-1980 00:00   _rels/.rels
     1226  01-01-1980 00:00   word/_rels/document.xml.rels
     5097  01-01-1980 00:00   word/document.xml
     5424  01-01-1980 00:00   word/media/image1.emf
   132276  01-01-1980 00:00   word/media/image2.png
     6850  01-01-1980 00:00   word/theme/theme1.xml
     6144  01-01-1980 00:00   word/embeddings/oleObject1.bin
     4809  01-01-1980 00:00   word/settings.xml
     1299  01-01-1980 00:00   word/fontTable.xml
      576  01-01-1980 00:00   word/webSettings.xml
      995  01-01-1980 00:00   docProps/app.xml
    29121  01-01-1980 00:00   word/styles.xml
      732  01-01-1980 00:00   docProps/core.xml
---------                     -------
   196649                     14 files

"Normal" .docx files do not have the oleObject1.bin as an archive member. I do
have ScanOLE2 and OLE2BlockMacros enabled. So why isn't clamav detecting this
oleObject1.bin member?

(To where should I submit a sample of this attachment?)

--Mark
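
The manual check in the post above (a ZIP-based .docx carrying a .doc name, with a word/embeddings/oleObject1.bin member), as an added triage example that is not part of the original post and not ClamAV code: it classifies an attachment by magic bytes instead of its extension and lists every package part that begins with the OLE2 header. The function names, the InvoiceSAMPLE.doc file name and the in-memory sample are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # Compound File Binary (OLE2) header
ZIP_MAGIC = b"PK\x03\x04"                        # ZIP local file header
LEGACY_EXTENSIONS = {"doc", "xls", "ppt"}        # names that imply an OLE2 file


def container_type(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def classify_member(name: str) -> str:
    """Label an OLE2 part by where it sits inside the OOXML package."""
    parts = name.split("/")
    if "embeddings" in parts[:-1]:
        return "embedded-object"      # e.g. word/embeddings/oleObject1.bin
    if parts[-1].lower() == "vbaproject.bin":
        return "vba-project"          # macro storage is also an OLE2 file
    return "ole2-part"


def triage_attachment(name: str, data: bytes) -> dict:
    """Report container type, extension mismatch and OLE2 parts of an attachment."""
    report = {"name": name, "container": container_type(data),
              "extension_mismatch": False, "ole2_parts": []}
    if report["container"] != "zip":
        return report
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "[Content_Types].xml" in zf.namelist():
                report["container"] = "ooxml"
                # A ZIP-based document wearing a legacy (OLE2-era) extension.
                report["extension_mismatch"] = ext in LEGACY_EXTENSIONS
            for info in zf.infolist():
                if info.is_dir() or info.flag_bits & 0x1:
                    continue  # skip directories and ZIP-encrypted members
                with zf.open(info) as member:
                    # Read only the header so a huge member is never fully inflated.
                    head = member.read(len(OLE2_MAGIC))
                if head == OLE2_MAGIC:
                    report["ole2_parts"].append({
                        "member": info.filename,
                        "kind": classify_member(info.filename),
                        "size": info.file_size,
                    })
    except zipfile.BadZipFile:
        report["container"] = "zip-invalid"
    return report


def build_sample(with_embedded: bool = True) -> bytes:
    """Constructed, inert stand-in for the archive layout quoted in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_embedded:
            # OLE2 header followed by zero padding; no real payload.
            filler = b"\x00" * (6144 - len(OLE2_MAGIC))
            zf.writestr("word/embeddings/oleObject1.bin", OLE2_MAGIC + filler)
        zf.writestr("docProps/core.xml", "<coreProperties/>")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_attachment("InvoiceSAMPLE.doc", build_sample())
    print(result["container"], result["extension_mismatch"])
    for part in result["ole2_parts"]:
        print(part["kind"], part["member"], part["size"])
```
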

-Original Message-
From: Mark Foley 
Date: Wed, 15 Nov 2017 13:18:23 -0500
Organization: Novatec Software Engineering, LLC
To: clamav-users@lists.clamav.net

I'm having this same issue. The problem as I see it is that the .doc attached to
these "Invoice" messages is encrypted and clamav does not see what's inside. I'm
discussing this encrypted attachment issue in my thread, subject: "password
protected encrypted .docx files". I'm continuing to research this.

--Mark


Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Mark Foley
I'm having this same issue. The problem as I see it is that the .doc attached to
these "Invoice" messages is encrypted and clamav does not see what's inside. I'm
discussing this encrypted attachment issue in my thread, subject: "password
protected encrypted .docx files". I'm continuing to research this.

--Mark

On Wed, 15 Nov 2017 15:09:59 -0300 Emanuel  wrote:

> Other virus not detected
>
> https://www.virustotal.com/#/file/6b7b11077b2bcdbce94eff73722a4f78103d2e87bd4331654bc65c0daeb176dd/detection

Re: [clamav-users] Virus Malvare not detected

2017-11-15 Thread Emanuel

Other virus not detected

https://www.virustotal.com/#/file/6b7b11077b2bcdbce94eff73722a4f78103d2e87bd4331654bc65c0daeb176dd/detection


On 14/11/17 at 09:52, Emanuel wrote:

Scan the attachment, clamav does not detect this file.



Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel

Scan the attachment, clamav does not detect this file.


On 14/11/17 at 09:51, Al Varnell wrote:

You mentioned two attachments. Kaspersky and ClamXAV appear to catch the first 
one, but neither catch the second one you showed us. The SHA256 for a file is 
the same no matter what scanner is used.

-Al-

On Tue, Nov 14, 2017 at 04:36 AM, Emanuel wrote:

the first scan is with kaspersky online


On 14/11/17 at 09:31, Al Varnell wrote:

That's not the same file you showed before. The SHA256 is different.

-Al-

On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote:

Please see

https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/


On 14/11/17 at 09:00, Al Varnell wrote:

According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0

but go ahead and try to submit it anyway.

-Al-

On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:

Hello,

I received two doc files in an email with the Subject "Invoice". The attachment 
is a malware virus, clamav did not detect this.

Scan with kaspersky

Scan result: File is infected
Detected threats: Trojan-Downloader.MSWord.Agent.bqx
File size: 144.95 KB
File type: OOXML/DOCUMENT
Scan date: Nov 14 2017 08:15:42
Databases release date: Nov 14 2017 10:36:04 UTC
MD5: 70bdc39f8f57e090bebc4616924cdadc
SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf

Is it possible to manually add this virus to the clamav database?



___
clamav-users mailing list
clamav-users@lists.clamav.net 
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-Al-




--
envialosimple.com   
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonza...@donweb.com 
www.envialosimple.com 
by donweb 


Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Al Varnell
You mentioned two attachments. Kaspersky and ClamXAV appear to catch the first 
one, but neither catches the second one you showed us. The SHA256 for a file is 
the same no matter what scanner is used.

-Al-

On Tue, Nov 14, 2017 at 04:36 AM, Emanuel wrote:
> the first scan is with kaspersky online
> 
> 
> On 14/11/17 at 09:31, Al Varnell wrote:
>> That's not the same file you showed before. The SHA256 is different.
>> 
>> -Al-
>> 
>> On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote:
>>> Please see
>>> 
>>> https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/
>>> 
>>> 
>>> On 14/11/17 at 09:00, Al Varnell wrote:
>>>> According to VirusTotal, ClamAV does detect it as 
>>>> Doc.Dropper.Agent-6369707-0
>>>> 
>>>> but go ahead and try to submit it anyway.
>>>> 
>>>> -Al-
>>>> 
>>>> On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:
>>>>> Hello,
>>>>> 
>>>>> I received two doc files in an email with the Subject "Invoice". The 
>>>>> attachment is a malware virus, and clamav did not detect this.
>>>>> 
>>>>> Scan with kaspersky
>>>>> 
>>>>> Scan result: File is infected
>>>>> Detected threats: Trojan-Downloader.MSWord.Agent.bqx
>>>>> File size: 144.95 KB
>>>>> File type: OOXML/DOCUMENT
>>>>> Scan date: Nov 14 2017 08:15:42
>>>>> Databases release date: Nov 14 2017 10:36:04 UTC
>>>>> MD5: 70bdc39f8f57e090bebc4616924cdadc
>>>>> SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
>>>>> SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf
>>>>> 
>>>>> Is it possible to manually add this virus to the clamav database?

-Al-
-- 
Al Varnell
Mountain View, CA








Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel

the first scan is with kaspersky online


On 14/11/17 at 09:31, Al Varnell wrote:

That's not the same file you showed before. The SHA256 is different.

-Al-

On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote:

Please see

https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/
 



On 14/11/17 at 09:00, Al Varnell wrote:

According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0

but go ahead and try to submit it anyway.

-Al-

On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:

Hello,

I received two doc files in an email with the Subject "Invoice". The attachment 
is a malware virus, and clamav did not detect this.

Scan with kaspersky

Scan result: File is infected
Detected threats: Trojan-Downloader.MSWord.Agent.bqx
File size: 144.95 KB
File type: OOXML/DOCUMENT
Scan date: Nov 14 2017 08:15:42
Databases release date: Nov 14 2017 10:36:04 UTC
MD5: 70bdc39f8f57e090bebc4616924cdadc
SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf

Is it possible to manually add this virus to the clamav database?






--
envialosimple.com   
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonza...@donweb.com 
www.envialosimple.com 
by donweb 


Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Al Varnell
That's not the same file you showed before. The SHA256 is different.

-Al-

On Tue, Nov 14, 2017 at 04:23 AM, Emanuel wrote:
> Please see
> 
> https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/
>  
> 
> 
> 
> On 14/11/17 at 09:00, Al Varnell wrote:
>> According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0
>> 
>> but go ahead and try to submit it anyway.
>> 
>> -Al-
>> 
>> On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:
>>> Hello,
>>> 
>>> I received two doc files in an email with the Subject "Invoice". The 
>>> attachment is a malware virus, and clamav did not detect this.
>>> 
>>> Scan with kaspersky
>>> 
>>> Scan result: File is infected
>>> Detected threats: Trojan-Downloader.MSWord.Agent.bqx
>>> File size: 144.95 KB
>>> File type: OOXML/DOCUMENT
>>> Scan date: Nov 14 2017 08:15:42
>>> Databases release date: Nov 14 2017 10:36:04 UTC
>>> MD5: 70bdc39f8f57e090bebc4616924cdadc
>>> SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
>>> SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf
>>> 
>>> Is it possible to manually add this virus to the clamav database?





Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel

Please see

https://www.virustotal.com/es-ar/file/323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4/analysis/1510662252/


On 14/11/17 at 09:00, Al Varnell wrote:

According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0

but go ahead and try to submit it anyway.

-Al-

On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:

Hello,

I received two doc files in an email with the Subject "Invoice". The attachment 
is a malware virus, and clamav did not detect this.

Scan with kaspersky

Scan result: File is infected
Detected threats: Trojan-Downloader.MSWord.Agent.bqx
File size: 144.95 KB
File type: OOXML/DOCUMENT
Scan date: Nov 14 2017 08:15:42
Databases release date: Nov 14 2017 10:36:04 UTC
MD5: 70bdc39f8f57e090bebc4616924cdadc
SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf

Is it possible to manually add this virus to the clamav database?

-Al-




--
envialosimple.com   
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonza...@donweb.com 
www.envialosimple.com 
by donweb 



Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Al Varnell
According to VirusTotal, ClamAV does detect it as Doc.Dropper.Agent-6369707-0

but go ahead and try to submit it anyway.

-Al-

On Tue, Nov 14, 2017 at 03:33 AM, Emanuel wrote:
> Hello,
> 
> I received two doc files in an email with the Subject "Invoice". The 
> attachment is a malware virus, and clamav did not detect this.
> 
> Scan with kaspersky
> 
> Scan result: File is infected
> Detected threats: Trojan-Downloader.MSWord.Agent.bqx
> File size: 144.95 KB
> File type: OOXML/DOCUMENT
> Scan date: Nov 14 2017 08:15:42
> Databases release date: Nov 14 2017 10:36:04 UTC
> MD5: 70bdc39f8f57e090bebc4616924cdadc
> SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
> SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf
> 
> Is it possible to manually add this virus to the clamav database?

-Al-
-- 
Al Varnell
Mountain View, CA








Re: [clamav-users] Virus Malvare not detected

2017-11-14 Thread Joel Esler (jesler)
Please submit malware samples to ClamAV.net

Sent from my iPhone

On Nov 14, 2017, at 6:36 AM, Emanuel <emanuel.gonza...@donweb.com> wrote:

Hello,

I received two doc files in an email with the Subject "Invoice". The attachment 
is a malware virus, and clamav did not detect this.

Scan with kaspersky

Scan result: File is infected
Detected threats: Trojan-Downloader.MSWord.Agent.bqx
File size: 144.95 KB
File type: OOXML/DOCUMENT
Scan date: Nov 14 2017 08:15:42
Databases release date: Nov 14 2017 10:36:04 UTC
MD5: 70bdc39f8f57e090bebc4616924cdadc
SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf

Is it possible to manually add this virus to the clamav database?

--
envialosimple.com 
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonza...@donweb.com 

www.envialosimple.com 

by donweb 


[clamav-users] Virus Malvare not detected

2017-11-14 Thread Emanuel

Hello,

I received two doc files in an email with the Subject "Invoice". The 
attachment is a malware virus, and clamav did not detect this.

Scan with kaspersky

Scan result: File is infected
Detected threats: Trojan-Downloader.MSWord.Agent.bqx
File size: 144.95 KB
File type: OOXML/DOCUMENT
Scan date: Nov 14 2017 08:15:42
Databases release date: Nov 14 2017 10:36:04 UTC
MD5: 70bdc39f8f57e090bebc4616924cdadc
SHA1: ecf414f8523627a0d5d6637041f6e1e3bbcee62e
SHA256: 142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf

Is it possible to manually add this virus to the clamav database?

--
envialosimple.com   
Emanuel Gonzalez
Deliverability Specialist
emanuel.gonza...@donweb.com 
www.envialosimple.com 
by donweb 

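
Added example, not part of the thread and not ClamAV project code: it automates the check made by eye in the replies (do two scan reports share a SHA256?) and, for the question in the original post, builds a local hash-signature line in ClamAV's `.hsb` format (`SHA256:size:name`, or `SHA256:*:name:73` when the exact byte size is unknown, as it is here). The signature names are hypothetical placeholders and the `b"abc"` input is constructed.

```python
import hashlib
import re

# Digests quoted in the thread: the Kaspersky report in the first post and
# the VirusTotal link posted in the follow-up.
KASPERSKY_SHA256 = "142a177f214671f7abd22f9e545595bf56a8116763bb7e9de7368aa1b2d381bf"
VIRUSTOTAL_SHA256 = "323cb1d2f3b9d0678a8e017fedad1da2768c0eb65111937d03c19e0c053b5da4"

_SHA256_RE = re.compile(r"[0-9a-f]{64}")
_NAME_RE = re.compile(r"[A-Za-z0-9._-]+")


def normalize_sha256(value: str) -> str:
    """Lower-case and validate a SHA256 hex digest copied from a report."""
    digest = value.strip().lower()
    if not _SHA256_RE.fullmatch(digest):
        raise ValueError(f"not a SHA256 hex digest: {value!r}")
    return digest


def same_sample(report_a: str, report_b: str) -> bool:
    """Two scan reports describe the same file only if the digests match."""
    return normalize_sha256(report_a) == normalize_sha256(report_b)


def _check_name(name: str) -> str:
    # ':' separates fields in hash signature files, so keep names simple.
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"unsuitable signature name: {name!r}")
    return name


def signature_from_bytes(data: bytes, name: str) -> str:
    """SHA256:size:name line for a local .hsb file, from the file's bytes."""
    return f"{hashlib.sha256(data).hexdigest()}:{len(data)}:{_check_name(name)}"


def signature_from_digest(sha256_hex: str, name: str) -> str:
    """Same, when only the digest is known: a '*' size needs flevel 73."""
    return f"{normalize_sha256(sha256_hex)}:*:{_check_name(name)}:73"


if __name__ == "__main__":
    # False: the two reports in the thread are about different files.
    print(same_sample(KASPERSKY_SHA256, VIRUSTOTAL_SHA256))
    # Local.Invoice.Sample is a hypothetical name chosen for this example.
    print(signature_from_digest(KASPERSKY_SHA256, "Local.Invoice.Sample"))
    # Constructed input standing in for a sample read from disk.
    print(signature_from_bytes(b"abc", "Local.Constructed.Test"))
```

Lines like these go in a file with the `.hsb` extension in the ClamAV database directory. A hash signature matches only a byte-identical file, so an attachment with a different SHA256 needs its own entry.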