On Mon, July 17, 2017 10:22 pm, Alex wrote:
> Hi guys, just submitted an "ace" archive with a .cmd inside.
>
>
> # sha1sum PROFORMA\ INVOICE_xls.ace
> 97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace
>
Hi,
I've added Sanesecurity.Malware.27099.AceHeur.Cmd to the detections...
True MP3 files contain sounds that a media player plays. Anything executable
can't be handled by the player and the worst thing that might happen would
involve crashing the player, if that's even possible.
Most, if not all scanners ignore such files. They take a long time to scan with
a high pr
Are MP3 files ignored because it is impossible that MP3 software ever
has buffer overflows or other security flaws???
Or is it because MP3 files are compressed (i.e., random-looking) and
thus may cause false positives? What about all the other compressed or
encrypted file types which might do the
Rosika,
The reason the MP3 file is not scanned is because the file type signatures
for MP3 direct that they are ignored. Particularly:
"0:0:494433:MP3:CL_TYPE_ANY:CL_TYPE_IGNORED"
and
"0:0:fffb90:MP3:CL_TYPE_ANY:CL_TYPE_IGNORED"
These definitions are in the daily.ftm file of the ClamAV virus
Hi guys, just submitted an "ace" archive with a .cmd inside.
# sha1sum PROFORMA\ INVOICE_xls.ace
97757622d5d568b01faa9d662818eebd40b1e0c0 PROFORMA INVOICE_xls.ace
We've now disabled "ace" files (who even knew they existed?)
On Thu, Jul 13, 2017 at 4:36 AM, wrote:
>
>
> 13.07.2017 05:32, Alex