Re: [clamav-users] Reporting malware/false negatives

2017-04-03 Thread Joel Esler (jesler)
Both of these have been marked and should ship in an upcoming CVD. -- Joel Esler | Talos: Manager | jes...@cisco.com On Apr 2, 2017, at 4:44 PM, Alex <mysqlstud...@gmail.com> wrote: Hi, I submitted a number of encrypted word macro viruses within the last 48

Re: [clamav-users] Reporting malware/false negatives

2017-04-02 Thread Alex
Hi, I submitted a number of encrypted word macro viruses within the last 48 hours, two of which still appear to not be tagged properly. Is there something you can say about the large number of encrypted word doc viruses we've seen over the last few weeks? # md5sum pbj5a57gw5-pMlSuWbYRjT1.docx g9kf

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Joel Esler (jesler)
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be published today. -- Joel Esler | Talos: Manager | jes...@cisco.com On Mar 22, 2017, at 9:43 AM, Alex <mysqlstud...@gmail.com> wrote: Hi, How long does it typically take for a sample

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Alex
Hi, >> How long does it typically take for a sample to be analyzed and a >> pattern to be created? > > Generally speaking, a couple hours (sometimes 4, sometimes 8, depending on > automation schedules) Because it was encrypted, it may be a bit more > difficult, so I'll have to look into it. Wh

Re: [clamav-users] Reporting malware/false negatives

2017-03-22 Thread Arnaud Jacques / SecuriteInfo.com
Hello Alex, > Hi, I reported an encrypted word macro virus this morning, and this > evening it is still not detected by sanesecurity or clamav proper. Could you please send it to webmas...@securiteinfo.com too ? Thank you. -- Best regards, Arnaud Jacques SecuriteInfo.com Facebook : https://ww

Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Rafael Ferreira
That is a fundamentally different type of "free". I think that, all in all, the clamav folks do an amazing job with signature distribution, especially for submitted samples. > On Mar 21, 2017, at 6:41 PM, Al Varnell wrote: > > Actually, they still give their macOS/OS X product away for free. >

Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Al Varnell
Actually, they still give their macOS/OS X product away for free. Sent from Janet's iPad -Al- On Mar 21, 2017, at 6:22 PM, "Joel Esler (jesler)" wrote: >> I don't even bother reporting them to sophos, et al because it's >> sometimes days before they're added. I was expecting better from >> clama

Re: [clamav-users] Reporting malware/false negatives

2017-03-21 Thread Joel Esler (jesler)
Inline. -- Sent from my iPhone > On Mar 21, 2017, at 20:27, Alex wrote: > > Hi, I reported an encrypted word macro virus this morning, and this > evening it is still not detected by sanesecurity or clamav proper. > > How long does it typically take for a sample to be analyzed and a > pattern

[clamav-users] Reporting malware/false negatives

2017-03-21 Thread Alex
Hi, I reported an encrypted word macro virus this morning, and this evening it is still not detected by sanesecurity or clamav proper. How long does it typically take for a sample to be analyzed and a pattern to be created? What is the typical procedure going on behind the scenes? Is this a prior