On Sat, 2008-10-25 at 16:27 +0200, Karsten Bräckelmann wrote: > Recent flood of (German only?) Trojan.Agent malware, partly slipping by > ClamAV. So I now am submitting samples where I spot 'em...
FWIW, also reported by Heise (sorry, German only). http://www.heise.de/security/news/meldung/117971 Robert, just consider yourself lucky you didn't see any of them. ;) > By doing so, two questions came up: > > (a) After testing the sample message with Virustotal, should I even > bother submitting it from clamav.net, too? If memory serves me > correctly, these samples are being forwarded to the ClamAV sig team > anyway. Just couldn't find any note on the websites... Any takers? Are virus samples checked by Virustotal automatically forwarded to the ClamAV sig team? > (b) When submitting on clamav.net I opted in for "notify me" and "stay > anonymous". However, I didn't get any notification about yesterdays > sample, which already has been added to the sigs. How comes, is this > broken? Probably just an oops or something, I *did* receive a notification mail about further samples submitted. Sending these from mailer-daemon isn't the best choice IMHO, though. > Thanks in advance for any insight, that might help speed up the process > and not waste our sig teams time unnecessarily. Let's try this again. :) -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}} _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
