Thorvald,

Just another user here, but I don’t understand why you would be surprised by 
this. Are you under the impression that Kaspersky shares its samples with 
anybody else? As far as I know, the only way the ClamAV® team would have a 
sample is if one of us users submitted it to them or it was provided to them by 
VirusTotal. I looked on VirusTotal.com and was not able to locate a Kaspersky 
(or any other scanner) identification by that name. 

I’m also under the impression that the ClamAV® signature team is overworked and 
understaffed, even though they have taken steps recently to improve that 
situation.

Any time I find a situation such as this, I submit the samples to VirusTotal to 
validate my findings and, if confirmed, to the ClamAV® submit a file site.


-Al-
-- 
Al Varnell
Mountain View, CA

On May 9, 2014, at 1:28 AM, Thorvald Hallvardsson 
<thorvald.hallvards...@gmail.com> wrote:
> Hi,
> 
> The virus I'm looking at in particular is Trojan.Win32.Yakes.elfb. That's
> how Kaspersky finds it and calls it. It was submitted on the 20th July 2011
> so it's quite old. After applying SaneSecurity databases the virus still
> cannot be found.
> 
> I tried to scan a ZIP file - no virus found.
> I tried to scan extracted file - no virus found.
> 
> Tested that file with NOD32 and Kaspersky - they both shout there is a
> virus.
> 
> So I'm quite surprised such old stuff is not found by clamav :(.
> 
> Regards,
> TH

> On 8 May 2014 19:20, Steve Basford <steveb_cla...@sanesecurity.com> wrote:
>> On Thu, May 8, 2014 5:47 pm, Kris Deugau wrote:
>>> I have been adding MD5 signatures, and somewhat more recently, .zmd
>>> .zip-content-filename signatures (for doubled-extension files), but I do
>>> not have time to dig more deeply and create more general signatures.
>>> 
>>> -kgd

>> Hi,
>> 
>> You could add sanesecurity.com signatures
>> 
>> phish.ndb: has some simple zip heuristics to block some of these
>> rogue.hdb: updated hourly for malware received
>> 
>> Foxhole can be added to block all double extensions in zips *or* all
>> dangerous attachments in Zips/rar/7zip:
>> 
>> sanesecurity.com/foxhole-databases/
>> 
>> Just in case it helps..
>> 
>> Cheers,
>> 
>> Steve
>> Sanesecurity
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
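
An added example, not part of the thread or of anyone's posted code: a sketch of the local-signature workflow mentioned above, flagging double-extension members of a zip and emitting ClamAV hash signatures in the `.hdb` layout (`MD5:FileSize:MalwareName`). The extension list, the `Local.DoubleExt` name prefix and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Extensions treated as executable for this example (an assumed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs"}
# Matches names such as "invoice.pdf.exe": a decoy extension followed by a final one.
DOUBLE_EXT = re.compile(r"\.([A-Za-z0-9]{2,4})\.([A-Za-z0-9]{2,4})$")


def has_double_extension(name):
    """True when the name ends in two extensions and the last one is executable."""
    m = DOUBLE_EXT.search(name)
    return bool(m) and m.group(2).lower() in EXECUTABLE_EXTS


def hdb_line(data, sig_name):
    """Format one hash signature as ClamAV's .hdb expects: MD5:FileSize:MalwareName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{sig_name}"


def signatures_for_zip(zip_bytes, prefix="Local.DoubleExt"):
    """Return .hdb lines for every double-extension member of a zip archive."""
    lines = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not has_double_extension(info.filename):
                continue
            # Hypothetical naming scheme: prefix plus a running counter.
            lines.append(hdb_line(zf.read(info), f"{prefix}.{len(lines) + 1}"))
    return lines


def build_sample_zip():
    """Constructed sample: one harmless text file and one fake 'invoice.pdf.exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("invoice.pdf.exe", b"MZ constructed placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    for line in signatures_for_zip(build_sample_zip()):
        print(line)
```

A hash signature only matches the exact file it was computed from, which is why it covers a single sample rather than a family.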
