At 10:28 AM +0200 10/13/09, Jose-Marcio Martins da Cruz wrote:
> Hello,
>
> I have 49 viruses (2 kinds only) received at our mailserver last night
> which weren't detected by ClamAV, but are detected by most other
> antivirus available at www.virustotal.com
> The names of the viruses, as detected by Sophos, are SophoMal/Bredo-A
> (detected by 16/41) and Troj/Agent-LKL (detected by 24/41).
> These are surely variants of viruses already detected by ClamAV.
> I've just submitted one sample of each at the ClamAV submission interface.
> Shall I submit all the others?
> Since this has been happening nearly every day for a week now, it's
> becoming annoying.

Jose,
If you use the unofficial signatures it might help you. See
http://www.sanesecurity.co.uk/databases.htm
One of my signatures, winnow_malware.hdb, detects numerous (over 3000
at present) malware that are not yet detected in stock ClamAV sigs.
The current list is documented at
http://www.oitc.com/winnow/clamsigs/MalwareSignatures.html
Undetected virus samples or URLs to the virus payload can be sent to
virus_samples at oitc.com. They will be processed and added if
necessary to winnow_malware.hdb and will be forwarded to the official
ClamAV signature team.
Tom