A user reported Avast had detected a zipped .exe malware dropper as "Win32.Oficla-BJ [Drp]". I submitted a sample via the ClamAV site on 3 December, but it seems the signature still hasn't been published and the file is still not detected.
I believe it has been in the SaneSecurity/OITC winnow list as "winnow.malware.53029.UNOFFICIAL" (664e5d375dd84b52ee02590a524007f0:160848) since about 5 December. In a case like this, is the file still being analysed? Or is there some reason for the signature not being published, like the fact it is already in winnow.malware?

I appreciate everything people at ClamAV do, but wonder how much malware might be leaking through. I'm loath to use all the SaneSecurity & OITC rules as I am afraid of false positives and already have a good anti-spam & anti-phish system. Does anyone run two instances of clamd on the same server, one for blocking official sigs and one for scoring through SpamAssassin's ClamAVPlugin?

All best wishes
CK