Hi list,
I found another signature in the daily.ldb that needs to be removed, I think.
Scan results on all our servers running Netdata:
/opt/netdata/bin/srv/netdata: Unix.Dropper.Mirai-7540607-0 FOUND
Found it in daily.ldb like this:
Unix.Dropper.Mirai-7540607-0;Engine:51-255,Target:6;0&1&2&3&4;557365722d4167656e743a2025732f2573;4e6f206368696c642070726f63657373;436f6e6e656374696f6e207265736574206279206e6574776f726b;4e6f74206120736f636b6574;536f636b6574206e6f7420636f6e6e6563746564
Searching the netdata binary for the above hex values gives me these strings:
User-Agent: %s/%s
No child process
Connection reset by network
Not a socket
Socket not connected
I think this rule should also be removed.
Best regards,
Mikael Bak
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
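
A way to triage a suspected false positive like the one reported above, as an added example that is not part of the original post: it splits the quoted logical signature into its fields, decodes the plain-hex subsignatures, and evaluates the AND expression against a byte buffer. The function names and the sample buffer are constructed for illustration; only plain-hex subsignatures and pure-AND expressions are handled.

```python
import re

# Logical signature line exactly as quoted in the post above.
SIG = ("Unix.Dropper.Mirai-7540607-0;Engine:51-255,Target:6;0&1&2&3&4;"
       "557365722d4167656e743a2025732f2573;"
       "4e6f206368696c642070726f63657373;"
       "436f6e6e656374696f6e207265736574206279206e6574776f726b;"
       "4e6f74206120736f636b6574;"
       "536f636b6574206e6f7420636f6e6e6563746564")

def parse_ldb(line):
    """Split an .ldb line: name;TargetDescriptionBlock;expression;subsig0;..."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    attrs = dict(kv.split(":", 1) for kv in tdb.split(","))
    return {"name": name, "tdb": attrs, "expr": expr, "subsigs": subsigs}

def decode_subsig(hexsig):
    """Bytes of a plain-hex subsignature; None if it carries wildcards,
    offsets or modifiers, which this example does not handle."""
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hexsig):
        return None
    return bytes.fromhex(hexsig)

def matches(sig, data):
    """Evaluate a pure-AND expression (e.g. 0&1&2) over a byte buffer."""
    if not re.fullmatch(r"\d+(?:&\d+)*", sig["expr"]):
        raise ValueError("only plain AND expressions are supported")
    patterns = [decode_subsig(s) for s in sig["subsigs"]]
    wanted = [patterns[int(i)] for i in sig["expr"].split("&")]
    if None in wanted:
        raise ValueError("non-literal subsignature in expression")
    return all(p in data for p in wanted)

def sample_buffer(strings):
    """Constructed stand-in for a binary's string table (not a real ELF)."""
    return b"\x7fELF" + b"\x00".join(strings) + b"\x00"

if __name__ == "__main__":
    sig = parse_ldb(SIG)
    literals = [decode_subsig(s) for s in sig["subsigs"]]
    print(sig["name"], sig["tdb"])          # Target:6 is the ELF file type
    for i, lit in enumerate(literals):
        print(i, repr(lit.decode("ascii")))
    # Any buffer holding all five generic strings satisfies 0&1&2&3&4.
    print(matches(sig, sample_buffer(literals)))
    print(matches(sig, sample_buffer(literals[:4])))
```
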