Hi,

The virus I'm looking at in particular is Trojan.Win32.Yakes.elfb. That's how Kaspersky finds it and calls it. It was submitted on the 20th July 2011 so it's quite old. After applying SaneSecurity databases the virus still cannot be found.

I tried to scan a ZIP file - no virus found. I tried to scan the extracted file - no virus found. Tested that file with NOD32 and Kaspersky - they both shout there is a virus. So I'm quite surprised such old stuff is not found by clamav :(.

Regards,
TH

On 8 May 2014 19:20, Steve Basford <steveb_cla...@sanesecurity.com> wrote:

>
> On Thu, May 8, 2014 5:47 pm, Kris Deugau wrote:
> >
> > I have been adding MD5 signatures, and somewhat more recently, .zmd
> > .zip-content-filename signatures (for doubled-extension files), but I do
> > not have time to dig more deeply and create more general signatures.
> >
> > -kgd
>
> Hi,
>
> You could add sanesecurity.com signatures
>
> phish.ndb: has some simple zip heuristics to block some of these
> rogue.hdb: updated hourly for malware received
>
> Foxhole can be added to block all double extensions in zips *or* all
> dangerous attachments in Zips/rar/7zip:
>
> sanesecurity.com/foxhole-databases/
>
> Just in case it helps..
>
> Cheers,
>
> Steve
> Sanesecurity
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml