Just submitted two new samples, as I received them today;

SHA1(28.zip)= d0f18efb2d92c0528fab3736b134d5ad13d23be3
SHA1(29.zip)= b399b5c9e6e4567740825ac85754191a7648dfaa

On 25.12.2015 02:05, Al Varnell wrote:
> Surely you cannot mean that all of those represent critical threats that require immediate attention from the already overworked ClamAV signature team?

What do you really think these are? Just as an expanded sample, the complete e-mail, where I removed the malware content; I get these regularly, and for this another way of submission -> just an e-mail address where to forward these ...
-----[ 28.eml ]-----
Return-Path: <[email protected]>
Received: from storage.mail ([unix socket]) by storage.mail (Cyrus v2.3.16-Fedora-RPM-2.3.16-13.el6_6) with LMTPA; Fri, 25 Dec 2015 03:01:35 +0100
X-Sieve: CMU Sieve 2.3
Received: from filter.mail by storage.mail (Postfix) with ESMTP id CE10B62834
Received: by filter.mail (Postfix) id C38334905
X-From-noReply-Box: yes
Delivered-To: [email protected]
Received: by filter.mail (Postfix, userid 500) id BE1B84913
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on filter.mail
X-Spam-Status: No, score=2.1 required=4.0 tests=HELO_LH_HOME,XPRIO autolearn=no version=3.3.1
Received: from filter.mail by filter.mail (Postfix) with ESMTP id 6774F4905
Envelope-to: [email protected]
Delivery-date: Fri, 25 Dec 2015 02:03:37 +0100
Received: from [w4y-pop-server] by filter.mail with POP3 (fetchmail-6.3.17)
Received: from [81.19.149.129] (helo=mx19lb.world4you.com) by mail12.world4you.com with esmtp (Exim 4.76) (envelope-from <[email protected]>) id 1aCGnA-0001D7-Uf for [email protected]; Fri, 25 Dec 2015 02:03:36 +0100
Received: from [188.132.250.211] (helo=ns1.adanabook.com) by mx19lb.world4you.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <[email protected]>) id 1aCGnA-0003qG-Hu for [email protected]; Fri, 25 Dec 2015 02:03:36 +0100
Received: by ns1.adanabook.com (Postfix, from userid 10006) id 1B3ED10EE07; Fri, 25 Dec 2015 04:08:11 +0200 (EET)
To: [email protected]
X-PHP-Originating-Script: 10006:post.php(5) : regexp code(1) : eval()'d code(17) : eval()'d code
Date: Fri, 25 Dec 2015 04:08:11 +0200
From: "Interfax Online" <[email protected]>
Reply-To: "Interfax Online" <[email protected]>
Message-ID: <[email protected]>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_9d092492ac2cddaeaa628f93cbfb66a1"
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 188.132.250.211
X-SA-Exim-Mail-From: [email protected]
Subject: [SPAM] You have received a new fax, document 0000471075
X-Spam-Prev-Subject: You have received a new fax, document 0000471075
X-SA-Exim-Version: 4.2.1 (built Sat, 28 Apr 2007 14:02:57 +0200)
X-SA-Exim-Scanned: Yes (on mx19lb.world4you.com)

--b1_9d092492ac2cddaeaa628f93cbfb66a1
Content-Type: text/plain; charset=us-ascii

A new fax document for you.
Please, download fax document attached to this email.

Filesize: 150 Kb
File name: scan-0000471075.doc
Scanned in: 9 seconds
Scanned at: Thu, 24 Dec 2015 17:05:33 +0300
From: Gerald Calhoun
Number of pages: 5
Quality: 300 DPI

Thank you for using Interfax!

--b1_9d092492ac2cddaeaa628f93cbfb66a1
Content-Type: application/zip; name="scan-0000471075.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=scan-0000471075.zip

#content#removed#
--b1_9d092492ac2cddaeaa628f93cbfb66a1--

-----[ 29.eml ]-----
Return-Path: <[email protected]>
Received: from storage.mail ([unix socket]) by storage.mail (Cyrus v2.3.16-Fedora-RPM-2.3.16-13.el6_6) with LMTPA; Fri, 25 Dec 2015 08:50:07 +0100
X-Sieve: CMU Sieve 2.3
Received: from filter.mail by storage.mail (Postfix) with ESMTP id 4E24D635DA
Received: by filter.mail (Postfix) id 3799C491C
X-From-noReply-Box: yes
Delivered-To: [email protected]
Received: by filter.mail (Postfix, userid 500) id 2E66A4948
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on filter.mail
X-Spam-Status: No, score=2.1 required=4.0 tests=HELO_LH_HOME,XPRIO autolearn=no version=3.3.1
Received: from filter.mail by filter.mail (Postfix) with ESMTP id 045E84905
Envelope-to: [email protected]
Delivery-date: Fri, 25 Dec 2015 07:21:09 +0100
Received: from [w4y-pop-server] by filter.mail with POP3 (fetchmail-6.3.17)
Received: from [81.19.149.133] (helo=mx23lb.world4you.com) by mail12.world4you.com with esmtp (Exim 4.76) (envelope-from <[email protected]>) id 1aCLkT-0002YU-M4 for [email protected]; Fri, 25 Dec 2015 07:21:09 +0100
Received: from [209.239.57.35] (helo=host3.webhostingservers.net) by mx23lb.world4you.com with esmtp (Exim 4.77) (envelope-from <[email protected]>) id 1aCLkS-0000UT-Sq for [email protected]; Fri, 25 Dec 2015 07:21:09 +0100
Received: (from www@localhost) by host3.webhostingservers.net (8.14.3/8.12.10) id tBP5RTEW028021; Fri, 25 Dec 2015 00:27:29 -0500
To: [email protected]
Date: Fri, 25 Dec 2015 00:27:29 -0500
From: "Interfax Online" <[email protected]>
Reply-To: "Interfax Online" <[email protected]>
Message-ID: <[email protected]>
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_65c1451b368193580c19c5cf984dd73f"
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 209.239.57.35
X-SA-Exim-Mail-From: [email protected]
Subject: [SPAM] You have received a new fax, document 00845094
X-Spam-Prev-Subject: You have received a new fax, document 00845094
X-SA-Exim-Version: 4.2.1 (built Sat, 22 Jan 2011 20:12:41 -0500)
X-SA-Exim-Scanned: Yes (on mx23lb.world4you.com)

--b1_65c1451b368193580c19c5cf984dd73f
Content-Type: text/plain; charset=us-ascii

You have received a new fax.
Please check your fax document in the attachment to this e-mail.

File name: scan-00845094.doc
Sender: Manuel Hooper
File size: 102 Kb
Resolution: 400 DPI
Scan date: Thu, 24 Dec 2015 10:20:07 +0300
Pages scanned: 6
Scan duration: 21 seconds

Thanks for using Interfax service!

--b1_65c1451b368193580c19c5cf984dd73f
Content-Type: application/zip; name="scan-00845094.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=scan-00845094.zip

#content#removed#
--b1_65c1451b368193580c19c5cf984dd73f--
Sent from Janet's iPad
-Al-

On Dec 24, 2015, at 4:03 PM, "Walter H." wrote:
> these were my submissions
>
> for file in *; do openssl dgst -hex -sha1 "$file"; done
>
> SHA1(10.zip)= 2c7d87bbd9aeeae639214c133145b5bdb8c719bb
> SHA1(11.zip)= 0e82eb5d1531b74a6caa1d2fb2bba13da79e2350
> SHA1(12.zip)= ea4ac41e53eb70d3b9bbbc3dde3ecac8b6682d17
> SHA1(13.zip)= 80fbe131689950c038b8b48ee8a7deee2e06045b
> SHA1(14.zip)= 53ac263e6b355b3efb48ce45b7e843bbeeb2f249
> SHA1(15.zip)= 96aea47723c3ea3c233ec9bd7883e6bda8144c6c
> SHA1(16.zip)= 2ecdccd3579575218deadeedabbe1748606059fd
> SHA1(17.zip)= 39186baa3ab826ebd21a9077fc80abdfa843534f
> SHA1(18.zip)= 54cce491ec4a22a9c863fc41c1ba0a703e29e0c2
> SHA1(19.zip)= 87d134b5690b5f5790c2f95dabc897d199d6736c
> SHA1(1.zip)= 6545894fdd07d2d2d6028863115ccd075cfb6f5c
> SHA1(20.zip)= 8a2524427ca7391b7055c70ad62806cd9eaa51cd
> SHA1(21.zip)= 5c15419eff4cd9b388e5a35bdfbc426995f968e1
> SHA1(22.zip)= 232b431ca4e479dcf8ab790f5335c362f1fa9adb
> SHA1(23.zip)= 94cfcc924b1d0f24bbabeff209e90b8ced1d44ff
> SHA1(24.zip)= 3b989cb4166d393e1ea6a6c993342abc9825c496
> SHA1(25.zip)= ab5c9980bd14654ddb6dbbc76ba2199cc1052584
> SHA1(26.html.zip)= 5a8b01f1a3f1381bed9abd7502dec80dc6b6bec0
> SHA1(27.zip)= 11bf007b15d624b40da6818393c5eb173110cf1f
> SHA1(2.html)= b2387db0fa718da3aaa5f00d4ce2d68048e96d73
> SHA1(3.zip)= c66d681323f169b38b57bb8af215fa1f4434b3c7
> SHA1(4.html)= 3e6e688d4780c1ebc4cf0d2f5caedaae531f08bf
> SHA1(5.zip)= a5b5a277eddae25f8d947622d6ddec4b38c5f494
> SHA1(6.zip)= 6e59c943545977f58f87b49724bbac2eb31afe02
> SHA1(7.zip)= a8821aeae2ab15640a0647c5842162a2074ed7e3
> SHA1(8.zip)= 7239a63577aabd46069636aacb85b1ca725a11d0
> SHA1(9.zip)= 298aa02cf43c1fa961117b2f7c5838c04a28df9a
_______________________________________________
Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
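Added example for readers of this thread; it is not code from the list, from Walter, Al or the ClamAV project. It does in one Python script what a recipient of a mail like 28.eml above would do before forwarding it as a sample: parse the .eml, walk the Received chain to the host that injected the message (the one that also shows up in X-SA-Exim-Connect-IP), note the X-PHP-Originating-Script header that betrays a compromised PHP site, hash the zip attachment with SHA-1 as the submitted list does, and list the archive's members without opening any of them. The sample message is constructed here from the quoted 28.eml headers with placeholder addresses (example.invalid) and a harmless placeholder zip standing in for the removed payload; the function names and the report layout are my own.

```python
"""Triage one 'Interfax' style fax-lure mail: find the injecting host,
SHA-1 the zip attachment and list its members without extracting them."""
import base64
import email
import hashlib
import io
import re
import zipfile
from email import policy


def build_sample_eml() -> bytes:
    """Constructed sample: headers modelled on the thread's 28.eml, with
    placeholder addresses and a harmless zip built here in place of the
    removed payload (fixed timestamp so the archive bytes are stable)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        member = zipfile.ZipInfo("scan-0000471075.doc", date_time=(2015, 12, 24, 17, 5, 33))
        zf.writestr(member, b"placeholder, not the real sample")
    b64 = base64.encodebytes(buf.getvalue()).decode("ascii")
    raw = f"""Received: from [81.19.149.129] (helo=mx19lb.world4you.com)
\tby mail12.world4you.com with esmtp (Exim 4.76) id 1aCGnA-0001D7-Uf;
\tFri, 25 Dec 2015 02:03:36 +0100
Received: from [188.132.250.211] (helo=ns1.adanabook.com)
\tby mx19lb.world4you.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.77)
\tid 1aCGnA-0003qG-Hu; Fri, 25 Dec 2015 02:03:36 +0100
Received: by ns1.adanabook.com (Postfix, from userid 10006) id 1B3ED10EE07;
\tFri, 25 Dec 2015 04:08:11 +0200 (EET)
X-PHP-Originating-Script: 10006:post.php(5) : regexp code(1) : eval()'d code(17) : eval()'d code
From: "Interfax Online" <noreply@example.invalid>
To: victim@example.invalid
Subject: You have received a new fax, document 0000471075
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_9d092492ac2cddaeaa628f93cbfb66a1"

--b1_9d092492ac2cddaeaa628f93cbfb66a1
Content-Type: text/plain; charset=us-ascii

A new fax document for you.
Please, download fax document attached to this email.

--b1_9d092492ac2cddaeaa628f93cbfb66a1
Content-Type: application/zip; name="scan-0000471075.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=scan-0000471075.zip

{b64}
--b1_9d092492ac2cddaeaa628f93cbfb66a1--
"""
    return raw.encode("ascii")


# "from [a.b.c.d] (helo=name)" as Exim writes it; only SMTP hops match,
# so the local "by host (Postfix, from userid ...)" line is ignored.
HOP_RE = re.compile(r"from \[(\d{1,3}(?:\.\d{1,3}){3})\]\s+\(helo=([^)\s]+)\)")


def received_hops(msg) -> list:
    """(ip, helo) pairs in header order: each relay prepends its own line,
    so index 0 is the last relay and index -1 the host that injected the mail."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(str(value))
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops


def zip_attachments(msg) -> list:
    """SHA-1, size and member names of every attachment; members are read
    from the central directory only, nothing is extracted."""
    out = []
    for part in msg.walk():
        if part.is_multipart() or not part.is_attachment():
            continue
        data = part.get_payload(decode=True)
        entry = {"filename": part.get_filename(), "size": len(data),
                 "sha1": hashlib.sha1(data).hexdigest(), "members": []}
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                entry["members"] = zf.namelist()
        out.append(entry)
    return out


def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_hops(msg)
    php = msg.get("X-PHP-Originating-Script")
    return {
        "subject": str(msg["Subject"]),
        "hop_count": len(hops),
        "injecting_host": hops[-1] if hops else None,
        "php_script": str(php) if php is not None else None,
        "attachments": zip_attachments(msg),
    }


if __name__ == "__main__":
    for key, value in triage(build_sample_eml()).items():
        print(f"{key}: {value}")
```

The report's sha1 field is what a sample submission wants alongside the file; hashing the decoded attachment rather than the .eml means the digest matches the value `openssl dgst -sha1` gives for the saved zip.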
