> I'm cleaning a server
> that got badly infected,

I know this doesn't answer the OP, but destroy the server and treat all data as compromised. Rebuild from a fresh trusted base and attempt to clean the data away from the original server.

-- ant

> On 6 Feb 2016, at 23:41, Jesse Nicholson <ascensionsyst...@gmail.com> wrote:
>
> Where/how can I check on the status of a submission? I'm cleaning a server
> that got badly infected, and while doing so discovered what I believe to be
> a PHP exploit that maldet and clamav don't have definitions for. Virustotal
> also has 0 hits on it. However, I'm sure it's malicious because the main
> function block is double base 64 encoded, everything else that interacts
> with it is salted and random. Decoding the main function block, there
> appear to be functions to compress local files and xfer them to unknown
> locations.
>
> Anyway I've successfully created a definition for it, have nearly 300 hits
> and am curious about following up after I've submitted one sample via the
> website. Never done anything like this before, so looking for
> guidance/advice.
>
> --
> Jesse Nicholson
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml