Always, as a reminder, we have the ClamAV Community sigs list, to which anyone in the world can submit signatures; we’ll put them through the system and they’ll go out in the official list.
http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Jun 23, 2014, at 2:00 PM, Dennis Peterson <denni...@inetnw.com> wrote:

Quick dump of found signature results: ClamAV vs Basford et al

Unofficial sigs, total:
    grep UNOFFICIAL clam* |wc -l
    174

Unofficial Sane Security sigs found
    grep Sanesecur.*FOUND clam* |wc -l
    141

Official ClamAV sigs found:
    grep FOUND clam* |grep -c -v UNOFFICIAL
    10

Non-Sanesecurity unofficial sigs found:
    grep UNOFFICIAL clam* |grep -v Sanesecurity |awk '{print $8}' |sort |uniq -c |sort -rn
      7 winnow.spam.ts.stock.4.UNOFFICIAL
      7 ScamNailer.Phish.info_AT_un.org.UNOFFICIAL
      3 winnow.spam.ts.miscspam.843424.UNOFFICIAL
      3 winnow.malware.m0.malware.863749.UNOFFICIAL
      2 winnow.spam.ts.yahoo.1.UNOFFICIAL
      2 winnow.spam.ts.miscspam.848859.UNOFFICIAL
      2 ScamNailer.Phish.info_AT_uk-lotto.co.uk.UNOFFICIAL
      1 winnow.spam.ts.photoeditting.12.UNOFFICIAL
      1 winnow.spam.ts.miscspam.842244.UNOFFICIAL
      1 ScamNailer.Phish.test_AT_test.com.UNOFFICIAL
      1 ScamNailer.Phish.neyland_AT_gonzaga.edu.UNOFFICIAL
      1 ScamNailer.Phish.info_AT_loan.com.UNOFFICIAL
      1 ScamNailer.Phish.info_AT_it.org.UNOFFICIAL
      1 ScamNailer.Phish.fedmail_AT_fedmail.prime-vendor.com.UNOFFICIAL
     33

Good job, Steve.

On 6/23/14, 10:36 AM, Steve Basford wrote:

On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote:

This morning I submitted the file Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 ad690be247dda635781e20887fcac0e7) on virustotal.com. 4 out of 54 scanners detected a virus (NOD32 named it Win32/Kryptik.CFAE) but ClamAV did not detect it.

Hi Walter,

This was added to phish.ndb:

Sanesecurity.Malware.23787.ZipHeur
Added: 23 Jun 2014 09:32:40 UT

Cheers,

Steve
Sanesecurity.com

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
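
The per-source breakdown done above with several grep passes can be produced in a single pass over the logs. This is an added example, not code from anyone in the thread; it assumes clamd log lines that end in "FOUND" with the signature name directly before it, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# tally_clam_hits [logfile...]
# Counts clamd "FOUND" lines per signature source: the first dotted component
# of third-party (".UNOFFICIAL") names, or "official" for everything else.
# The signature is read as the field just before FOUND rather than a fixed
# column, so a scanned path containing spaces does not shift the result.
tally_clam_hits() {
    awk '
    $NF == "FOUND" {
        sig = $(NF - 1)
        if (sig ~ /\.UNOFFICIAL$/) {
            src = sig
            sub(/\..*$/, "", src)      # keep only the provider prefix
        } else {
            src = "official"
        }
        hits[src]++
    }
    END { for (s in hits) printf "%d %s\n", hits[s], s }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (paths and timestamps are made up).
sample_log() {
cat <<'EOF'
Mon Jun 23 09:40:01 2014 -> /var/spool/q/msg1: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND
Mon Jun 23 09:41:12 2014 -> /var/spool/q/msg2: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND
Mon Jun 23 09:42:30 2014 -> /var/spool/q/msg3: winnow.spam.ts.stock.4.UNOFFICIAL FOUND
Mon Jun 23 09:43:05 2014 -> /var/spool/q/msg4: OK
Mon Jun 23 09:44:47 2014 -> /var/spool/q/msg 5.eml: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND
Mon Jun 23 09:45:10 2014 -> /var/spool/q/msg6: winnow.spam.ts.yahoo.1.UNOFFICIAL FOUND
Mon Jun 23 09:46:33 2014 -> /var/spool/q/msg7: ScamNailer.Phish.test_AT_test.com.UNOFFICIAL FOUND
Mon Jun 23 09:47:02 2014 -> /var/spool/q/msg8: Eicar-Test-Signature FOUND
Mon Jun 23 09:48:19 2014 -> /var/spool/q/msg9: winnow.spam.ts.stock.4.UNOFFICIAL FOUND
Mon Jun 23 09:49:55 2014 -> /var/spool/q/msg10: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND
Mon Jun 23 09:50:21 2014 -> /var/spool/q/msg11: ScamNailer.Phish.test_AT_test.com.UNOFFICIAL FOUND
EOF
}

sample_log | tally_clam_hits
```

Against real logs, pass the files as arguments, as in tally_clam_hits clam*.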