Re: [clamav-users] javascript ZIP virus not caught?

2016-03-15 Thread Al Varnell
There is at least one earlier discussion concerning the lack of response to submitted javascript samples, perhaps a month ago (sorry don’t have time to track it down at the moment). As I outlined earlier, there haven’t been many .js signatures to date, and hardly any recent ones that were not

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-15 Thread Al Varnell
That’s the KeRanger ransomware which we dealt with last weekend. Not related to Teslacrypt AFAIK.
-Al-
On Tue, Mar 15, 2016 at 10:45 AM, Dennis Peterson wrote:
> Already in the wild.
> http://www.foxnews.com/tech/2016/03/07/new-mac-os-x-ransomware-targets-apple-users.html

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-15 Thread Dennis Peterson
Already in the wild.
http://www.foxnews.com/tech/2016/03/07/new-mac-os-x-ransomware-targets-apple-users.html
On 3/15/16 3:10 AM, Al Varnell wrote:
> Thanks, that’s what I suspected when I saw they all appeared to be downloaders. Probably won’t be long until they figure out how to attack OS X

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-15 Thread Al Varnell
Thanks, that’s what I suspected when I saw they all appeared to be downloaders. Probably won’t be long until they figure out how to attack OS X with it.
-Al-
On Tue, Mar 15, 2016 at 01:31 AM, Steve Basford wrote:
> In case anyone is wondering these .js files, if run, are going off to

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-15 Thread Steve Basford
On Tue, March 15, 2016 4:25 am, Al Varnell wrote:
>> Scanning these ZIP/.js viruses has a hit rate of about 35%. 35% of all
>> antivirus packages will say they are viruses. For example running one
>> through https://www.virustotal.com will say out of about 53 antivirus
>> programs, 16 flag it

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-14 Thread Al Varnell
Then you would probably benefit from a SecuriteInfo subscription that includes an entire Unofficial database dedicated to JavaScript.
Sent from Janet's iPad
-Al-
On Mar 14, 2016, at 9:08 PM,

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-14 Thread Scott Galambos
Scanning these ZIP/.js viruses has a hit rate of about 35%. 35% of all antivirus packages will say they are viruses. For example running one through https://www.virustotal.com will say out of about 53 antivirus programs, 16 flag it as a virus. They are definitely malware and should be

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-14 Thread Scott Galambos
Thanks for the response. All I know is I keep getting them, and they are definitely unwanted. Here are a couple examples (I've renamed them): http://sites.extremehosting.ca/temp/
On 2016-03-14 11:52 PM, Al Varnell wrote:
> I don’t have any answers, but you have raised my curiosity level.

Re: [clamav-users] javascript ZIP virus not caught?

2016-03-14 Thread Al Varnell
I don’t have any answers, but you have raised my curiosity level. What exactly is the threat from these javascript files you are finding? In checking the over four million virus signatures provided in the official ClamAV database, I see there are only 440 labeled as “.js” based and 94% of

[clamav-users] javascript ZIP virus not caught?

2016-03-14 Thread Scott Galambos
I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it still is not catching all these ZIP files with .js files inside them. Is clamav supposed to stop these? I constantly get these messages with .ZIP attachments that I would think clamav should stop. Am I expecting too much?