Re: [clamav-users] fake mp3, real malware.
On 2016-06-06 21:39, Steven Morgan wrote: Sorry, try it now. solved https://bugzilla.clamav.net/show_bug.cgi?id=11156 fail ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] fake mp3, real malware.
Sorry, try it now. On Mon, Jun 6, 2016 at 3:30 PM, Benny Pedersen wrote: > On 2016-06-06 18:12, Steven Morgan wrote: > >> Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582. >> > > You are not authorized to access bug #11582. > > ___ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] fake mp3, real malware.
On 2016-06-06 18:12, Steven Morgan wrote: Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582. You are not authorized to access bug #11582. ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] fake mp3, real malware.
Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582. On Sat, Jun 4, 2016 at 10:21 AM, Arnaud Jacques / SecuriteInfo.com < webmas...@securiteinfo.com> wrote: > Hello Clamav, > > A new malware is an ascii text begining by "ID3 = ". > Clamav see it as an MP3 file : > > clamscan --debug SecuriteInfo.com.JS.Downloader.Agent.15736.18211.371 > (...) > LibClamAV debug: Recognized MP3 file > (...) > > clamscan -V > ClamAV 0.99.2/21668/Sat Jun 4 11:35:05 2016 > > The problem is this ascii malware cannot be normalised, but it should be. > > The sample has been sent to http://www.clamav.net/reports/malware > > md5sum of malware sent is : 023bff926f5852ba0e58a72c10e77f2a > > -- > Best regards, > > Arnaud Jacques > SecuriteInfo.com > > Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 > Twitter : @SecuriteInfoCom > ___ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] fake mp3, real malware.
Hello Clamav, A new malware is an ascii text begining by "ID3 = ". Clamav see it as an MP3 file : clamscan --debug SecuriteInfo.com.JS.Downloader.Agent.15736.18211.371 (...) LibClamAV debug: Recognized MP3 file (...) clamscan -V ClamAV 0.99.2/21668/Sat Jun 4 11:35:05 2016 The problem is this ascii malware cannot be normalised, but it should be. The sample has been sent to http://www.clamav.net/reports/malware md5sum of malware sent is : 023bff926f5852ba0e58a72c10e77f2a -- Best regards, Arnaud Jacques SecuriteInfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml