Hello list,

Although I've been subscribed to this list since Nov 2006, I have not seen a clear explanation of the process that takes place from virus sample submission to the moment that the virus definition is placed into the official virusdb and clamscan starts actually detecting the submitted malware.

The reason for this post is that I submitted several files a few weeks ago, of what seems to be a rootkit. Namely the files: soxpeca.exe, noytcyr.exe, tdydowkc.exe, roytctm.exe, mabidwe.exe and afisicx.exe.

Googling for all of them returns results firmly pointing at malware origin. For example, here[0] is a discussion started by an infected person, trying to clean his Windows 2003 server. To this day clamscan does not detect any of these infections.

I do not want this to come across as a rant; rather, I would like to know: what can I personally do to speed up the process of detection for this (and future) malware besides just reporting and submitting it? Some premature analysis, for example? And in this particular case, if clamscan will not detect these threats, can I build my own virus definitions that detect those infections and merge them with the clamav ones?

Maybe there was such a discussion and I've overlooked it? Any pointers will be much appreciated, and sorry for any bad wording - I am not a native English speaker.

[0] http://www.geekstogo.com/forum/Rootkit-Trojan-soxpeca-madibwe-noytcyr-roytctm-afisicx-tdydowkc-t220440.html

--
regards
Plamen Vassilev
Software Engineer & System Administrator
Bulgaria, Varna
T: +359 5105 4155
C: +359 899 989647
ICQ: 73027127
Skype: plamen.vassilev
E: plamen.vassi...@gmail.com