I'm still getting the email saying "your sample was empty", so I'm posting here
too.
The Ramnit series of sigs is hitting a bunch of files which have been resident
on users' HDs and scanned as clean for many years. VT also reports ClamAV as
the only vendor detecting an infection. To clear the infections, I'm having to
add the following sig names in an ign2 file.
Win.Trojan.Ramnit-7261
Win.Trojan.Ramnit-7262
Win.Trojan.Ramnit-7263
Win.Trojan.Ramnit-7264
Win.Trojan.Ramnit-7265
Win.Trojan.Ramnit-7173
Win.Trojan.Ramnit-7174
Win.Trojan.Ramnit-7175
Win.Trojan.Ramnit-7176
Hashes of the samples I uploaded are:
f3c174edcbaef7cb947d6357cdfde7ff:422912:m3jp2k32.dll
881c86b65b44d8033575a402a2aa1ab1:454656:vsshdsd.dll
Cheers
Mark
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
