Filbert wrote:
> On Tuesday 03 January 2006 10:39, Diego d'Ambra wrote:
>> Abdul Rehman Gani wrote:
>>> Hi,
>>> Clamscan currently detects Exploit.WMF.A, but F-Secure are reporting 57
>>> different varieties. How many does this signature detect?
>>
>> Just an update:
>> I believe that with daily.cvd version 1225, you can expect (almost)
>> complete detection of WMF exploits.
>> Currently ClamAV has received 93 malware variants, all detected as
>> Exploit.WMF.A or Exploit.WMF.Gen-3.
>> For those who wish to test their ClamAV installation see:
>> http://isc.sans.org/diary.php?rss&storyid=1006
>
> I'm afraid my squid+dansguardian+clamav (with daily.cvd v 1225) does not
> detect exploited WMFs created by metasploit.

The signatures have been updated twice since 1225 (IIRC) to better detect
randomized variants.
But I've not seen any malware that uses the "new" randomize techniques.
Daily.cvd 1229 should detect samples produced by Metasploit
ie_xp_pfv_metafile version 1.14, but please submit samples if you
discover any that aren't detected.

Best regards,
Diego d'Ambra