Fred,

Signatures covering your samples will be released shortly.

Thanks,
- Alain

On Fri, May 22, 2015 at 10:16 AM, Fred Wittekind <r...@twister.dyndns.org> wrote:
> Have recently run into a large number of emails getting past my employer's
> email filtering, all zip files, with executables inside, and all
> malicious. We've submitted the samples to the ClamAV submission form, and
> to virustotal.com, when first submitted to virustotal, very few engines
> (as little as 2) detected these files.
>
> It's been a few days now, and ClamAV still doesn't detect our first
> submission. Does it simply take longer, or is something else going on?
> None of the samples look similar to me, aside from the fact of how they are
> transmitted, and they all seem to start sending emails once they infect a
> machine. I would love to know how they are related.
>
> md5sum:
> 2c93921e09438f60974e47747edd9ef1 5crispian.zip
> f120b6aac5beed398c7452dac82d5aa4 Document(25).zip
> 9014b68b0b027ae6a34f087787997630 Docx.zip
> dca1fd285e055431c55c63daf02165b6 Scan.zip
>
> sha256sum:
> 059eb5cc0df8e99ffb968bf7ecaae117b4fc7a67f64083ad61650b0f458b08f5 5crispian.zip
> acb67bc804a3fa962a630d16ca8be5b08719feb6d7273926ee4e5641b99998a3 Document(25).zip
> 446f7e7815a5d4ffceab589eb5868c7ab2b86aa42cb114288d57fa9e0fd3cad3 Docx.zip
> ce8ae7909d82fd8cd5d88a3aa8e3f96ed85e53aabe9739cb9d30a2e72e013e3b Scan.zip
>
> One of the samples was detected by 3rd party definitions:
> 5crispian.zip: Sanesecurity.Malware.8538.UNOFFICIAL FOUND
>
> Thanks
> Fred
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml