Re: [clamav-users] Identifying jar virus file

2015-10-25 Thread Rajesh M
- Original Message - From: Shaun Hurley [mailto:shahu...@sourcefire.com] To: clamav-users@lists.clamav.net Sent: Wed, 21 Oct 2015 07:29:57 -0400 Subject: Re: [clamav-users] Identifying jar virus file Al, This is not a false positive. The file is malicious. I am working on making

Re: [clamav-users] Identifying jar virus file

2015-10-21 Thread Shaun Hurley
Al, This is not a false positive. The file is malicious. I am working on making detection signatures for the malware. Thanks, Shaun Hurley On Tue, Oct 20, 2015 at 9:00 PM, Alex wrote: > Hi, > > > On Tue, Oct 20, 2015 at 11:57 AM, Al Varnell wrote: >

Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Al Varnell
According to this, Sophos should see it as Troj/JavaBz-ZO: submitted yesterday. Microsoft detects it as Trojan:Java/Adwind.P and Kaspersky calls it Trojan.Java.Adwind.af -Al- On Tue,

Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Alex
Hi, On Tue, Oct 20, 2015 at 11:57 AM, Al Varnell wrote: > According to this, Sophos should see it as Troj/JavaBz-ZO: > > submitted yesterday. > > Microsoft detects

Re: [clamav-users] Identifying jar virus file

2015-10-20 Thread Alex
On Mon, Oct 19, 2015 at 9:59 PM, Alain Zidouemba wrote: > Send the sample here: http://www.clamav.net/reports/malware > > Provide the MD5 or SHA256 of the sample on this mailing list. afa496ee1ffaba2ba17ddd50f9163bef PaymentInvoice.jar I'd really appreciate hearing

[clamav-users] Identifying jar virus file

2015-10-19 Thread Alex
Hi, I have a jar file that is apparently identified as a virus by Microsoft as "Trojan.Java.Adwind.af" but not a virus by either clamav or sophos. Microsoft apparently first identified this early this year, so I'm curious why it's not being tagged by clamav or sophos. I know I can upload a

Re: [clamav-users] Identifying jar virus file

2015-10-19 Thread Alain Zidouemba
Send the sample here: http://www.clamav.net/reports/malware Provide the MD5 or SHA256 of the sample on this mailing list. Thanks, - Alain On Mon, Oct 19, 2015 at 7:28 PM, Alex wrote: > Hi, > I have a jar file that is apparently identified as a virus by > Microsoft as

Re: [clamav-users] Identifying jar virus file

2015-10-19 Thread Al Varnell
It seems evident to me that the reason is that Microsoft doesn’t share its samples with other A-V signature writers. Somebody needs to provide the sample to ClamAV, Sophos, VirusTotal, etc. and it might as well be you now that you know where to upload it to. -Al- On Mon, Oct 19, 2015 at