Re: [clamav-users] Thousands of log entries for real filename

2020-09-16 Thread Royce Souther via clamav-users
I tried adding all the directories using *OnAccessIncludePath* and did not add /proc/, but it will not scan /var/. It errors out with this: *ERROR: ClamInotif: could not watch path '/var/', 3* I found one page that talked about how socket files can be scanned and that could be the problem, but

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread Paul Kosinski via clamav-users
"Vaccine for Emotet Malware" at "Schneier on Security": https://www.schneier.com/crypto-gram/archives/2020/0915.html#cg2 On Wed, 16 Sep 2020 16:27:45 +0200 Brent Clark via clamav-users wrote: > Hiya > > Thanks so much. > > I know the community and the internet as a whole, stands to gain

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread Brent Clark via clamav-users
Hiya Thanks so much. I know the community and the internet as a whole, stands to gain from your efforts / work. Regards Brent On 2020/09/16 15:45, G.W. Haywood via clamav-users wrote: Hi there, On Wed, 16 Sep 2020, Brent Clark via clamav-users wrote: Did you submit to Sanesecurity too?

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 16 Sep 2020, Brent Clark via clamav-users wrote: Did you submit to Sanesecurity too? If not, can you please consider submitting there too? Our automated system routinely submits to Sanesecurity. Unfortunately this outbreak occurred while we're in the throes of big

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread Brent Clark via clamav-users
Hiya Did you submit to Sanesecurity too? If not, can you please consider submitting there too? Please see: https://sanesecurity.com/contact-us/ Many thanks Regards Brent On 2020/09/16 15:04, G.W. Haywood via clamav-users wrote: Hi there, On Wed, 16 Sep 2020, Joel Esler (jesler) via

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread iulian stan via clamav-users
Hi all, Well, I didn't look at what kind of virus Emotet is and I supposed it's spread through executable files, where the defenses presented should work. For Emotet itself I am using the list provided by the abuse.ch guys (I suggest through all the defenses they have) but those two might/should

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 16 Sep 2020, Joel Esler (jesler) via clamav-users wrote: Can you provide the SHA256 hash of a couple of the files? If you want something quickly I've already submitted examples in the last couple of days. -- 73, Ged.

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread Joel Esler (jesler) via clamav-users
Can you provide the SHA256 hash of a couple of the files? -- Joel Esler Manager, Communities Division Cisco Talos Intelligence Group http://www.talosintelligence.com | https://www.snort.org > On Sep 16, 2020, at 4:43 AM, clamav-users@lists.clamav.net wrote: > > Hello, > > Today, we

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 16 Sep 2020, Cyril AECK via lists.clamav.net wrote: Is there a reason why the Emotet detection rate is very low for ClamAV? The macro in the attachment is heavily disguised. See for example https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread iulian stan via clamav-users
Hi Cyril, How did you transmit the virus? Via email? As attachments? Was it compressed or uncompressed? I know you might not agree with me but my suggestion is to block the sending of executable files from the MTA (exe, bat, pif, scr, dll, etc.). Most of the MTAs are anyway directly rejecting when such

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread Al Varnell via clamav-users
By transmitted, do you mean by email? If so, what are you using to feed email messages to ClamAV? Also, what platform and version are you running and what version of ClamAV? Sent from my iPad -Al- On Sep 16, 2020, at 01:44, SG/SNUM/UNI/DETN/GMCD emis par AECK Cyril - SG/SNUM/UNI/DETN/GMCD

Re: [clamav-users] ClamAV - Emotet - Malware not detected

2020-09-16 Thread Groupe messagerie et conférences à distance
Hello, Today, we transmitted a significant amount of Emotet files that were undetected by ClamAV, (verification done under VirusTotal). Is there a reason why the Emotet detection rate is very low for ClamAV? Thank you in advance. Best regards, --- Cyril AECK Service du numérique - SNum