In order to get feedback you must join the clamav-virusdb mailing-list <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb>.
Hopefully someone will come along and give you something to work with while you are waiting. -Al- On Thu, Sep 24, 2015 at 11:56 PM, Hajo Locke wrote: > > Hello, > > > Am 25.09.2015 um 08:32 schrieb Al Varnell: >> Why not just submit them to the ClamAV signature team so that all of us will >> benefit from what you’ve found? > > ok, i did create the malware report. in past i submitted some times FP or > malware but never got any answer or reaction. So i thought creating > signatures by my own is faster. > I think in this moment this malware is used to send spam on one of our > servers. > >> >> <http://www.clamav.net/report/report-malware.html> >> >> -Al- >> >> On Thu, Sep 24, 2015 at 11:27 PM, Hajo Locke wrote: >>> Hello, >>> >>> these days we see new type of php-malware. Malware occurs in many >>> different files, but all expand to same php-malware. >>> >>> for examle here i have 4 files i have found: >>> http://pastebin.com/TzudTPPt >>> >>> All files expand to something like this and are used to send spam: >>> http://pastebin.com/jhVRMwpE >>> >>> I dont find big similarities to create one powerful signature. Need help to >>> create one signature. Otherwise i had to create one signature for each file. >>> Please give me a hint in this case. >>> >>> Thanks, >>> Hajo >>> >>> >>> _______________________________________________ >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml > > Hajo > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -Al- -- Al Varnell Mountain View, CA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
