Mailing List Archive

[clamav-users] Virus not detected
Howdy,

I have a virus file that came on an email, and clamav doesn't detect, I
tried with VirusTotal and no result, BUT the Windows Defender detects
it.

Here's the file.
Why isn't it detected with the AV's, and clamav especially?

https://gofile.io/d/0Y0Qvr
Re: [clamav-users] Virus not detected
* Jorge Bastos:

> I have a virus file that came on an email, and clamav doesn't detect
> [...]
> Here's the file.

Seriously? Do *NOT* send virus files to a public mailing list.

-Ralph

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus not detected
It's just the link :P
How would you be able to test then? ;)

ok won't send again.. but the default virus db doesn't seem to be
enough, are there other db's to include?
The Windows Defender detected the .rar as virus immediately so I guess
it's a known one no?

Jorge

On 2022-03-21 17:33, Ralph Seichter via clamav-users wrote:

> * Jorge Bastos:
>
>> I have a virus file that came on an email, and clamav doesn't detect
>> [...]
>> Here's the file.
>
> Seriously? Do *NOT* send virus files to a public mailing list.
>
> -Ralph
Re: [clamav-users] Virus not detected
Jorge,

There are a lot of alternative signatures.
Sanesecurity: http://sanesecurity.com/
Malware Patrol: https://www.malwarepatrol.net/clamav-configuration-guide/
or you can use something like clamav-unofficial-sigs: https://github.com/extremeshok/clamav-unofficial-sigs


> On Mar 21, 2022, at 4:35 PM, Jorge Bastos <mysql.jorge@decimal.pt> wrote:
>
> It's just the link :P
> How would you be able to test then? ;)
>
> ok won't send again.. but the default virus db doesn't seem to be enough, are there other db's to include?
> The Windows Defender detected the .rar as virus immediately so I guess it's a known one no?
>
> Jorge
Re: [clamav-users] Virus not detected
The accepted way would be to supply a link to the VirusTotal scan that
didn't detect it.

--Maarten

On Mon, Mar 21, 2022 at 4:36 PM Jorge Bastos <mysql.jorge@decimal.pt> wrote:

> It's just the link :P
> How would you be able to test then? ;)
>
> ok won't send again.. but the default virus db doesn't seem to be
> enough, are there other db's to include?
> The Windows Defender detected the .rar as virus immediately so I guess it's
> a known one no?
>
> Jorge
Re: [clamav-users] Virus not detected
It's best to scrub links if they're going to be included on the mailer.
Helps prevent automatic hyperlinking by the client.

Ideally, please submit the sample via the following form:
https://www.clamav.net/reports/malware

On Mon, Mar 21, 2022 at 4:36 PM Jorge Bastos <mysql.jorge@decimal.pt> wrote:

> It's just the link :P
> How would you be able to test then? ;)
>
> ok won't send again.. but the default virus db doesn't seem to be
> enough, are there other db's to include?
> The Windows Defender detected the .rar as virus immediately so I guess it's
> a known one no?
>
> Jorge

--
Christopher Marczewski
Research Engineer, Talos
Cisco Systems
443-832-2975
Re: [clamav-users] Virus not detected
* Jorge Bastos:

> It's just the link :P

That matters little. Some mailing list subscriber might give in to
temptation and download the virus file while not in a properly isolated
environment, and trigger the payload due to incompetence or bad luck.

> How would you be able to test then? ;)

As was already pointed out in other responses, maintainers of virus
signatures usually describe how best to submit virus samples on their
respective web sites.

> ok won't send again..

Thanks.

-Ralph

Re: [clamav-users] Virus not detected
Hi there,

On Mon, 21 Mar 2022, Christopher Marczewski wrote:

> Ideally, please submit the sample via the following form:
> https://www.clamav.net/reports/malware

Or you can create a signature and submit it, but see

https://lists.clamav.net/pipermail/clamav-users/2022-March/012519.html

for extra information.

--

73,
Ged.
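
Added example, not part of the thread and not ClamAV's own tooling: the three ways of reporting an undetected file that the replies describe (a VirusTotal report link instead of the file, a scrubbed link, a locally created hash signature), done from the file's SHA-256 so the sample itself is never posted. The function names, the signature name, the name-character check and the sample URL are assumptions made for illustration.

```python
import hashlib
import re


def sha256_and_size(path, chunk=1 << 20):
    """Hash a file in chunks; returns (hex digest, size in bytes)."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size


def virustotal_report_url(sha256):
    """Link to the VirusTotal report for a hash; nothing is uploaded."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256):
        raise ValueError("expected a lowercase hex SHA-256 digest")
    return f"https://www.virustotal.com/gui/file/{sha256}"


def defang(url):
    """Rewrite a URL so mail clients do not auto-hyperlink it."""
    return re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE).replace(".", "[.]")


def hash_signature(path, name):
    """ClamAV hash-based signature line (.hsb): SHA256:FileSize:MalwareName."""
    # Conservative character set chosen for this example (assumption).
    if not re.fullmatch(r"[A-Za-z0-9._-]+", name):
        raise ValueError("name may only use letters, digits, '.', '_', '-'")
    sha256, size = sha256_and_size(path)
    return f"{sha256}:{size}:{name}"


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed, harmless stand-in for a sample file.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed harmless stand-in bytes\n")
    try:
        digest, _ = sha256_and_size(tmp.name)
        print(virustotal_report_url(digest))
        print(hash_signature(tmp.name, "Local.Constructed.Sample"))
        # Hypothetical URL, constructed for illustration.
        print(defang("https://files.example.test/d/abc123"))
    finally:
        os.unlink(tmp.name)
```

The signature line can be saved as local.hsb and loaded with `clamscan -d local.hsb`; a hash signature matches only that exact file, so any repacked variant will not be detected by it.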
