Ok, I have just submitted another sample of my JavaScript malware:

Time: 12:20pm Pacific Time
Filename: javascript_0dc34d954f.js
SHA-256 hash:
bc848dfab812f767970783f4926bba8c32b4071a270540b9b3a679d5ff0dcc3f

On Mon, Feb 15, 2016 at 7:59 AM, Joel Esler (jesler) <jes...@cisco.com>
wrote:

> That's preferable.  But any hash will do.
>
> --
> Joel Esler
> Manager, Talos Group
> Sent from my iPad
>
> On Feb 15, 2016, at 10:53 AM, "gerald.ve...@gmail.com"
> <gerald.ve...@gmail.com> wrote:
>
> Hi Joel!
>
> Of course, I understand! What hash are you using? I couldn't see any on
> the website when submitting. Is it a regular SHA-256 hash?
>
> Also if it helps I can resubmit the file and send the hash and time of
> submission to this mailing list.
>
> Thx,
>
> Gerald
>
> On Feb 15, 2016, at 07:23, Joel Esler (jesler) <jes...@cisco.com> wrote:
>
> Gerald,
>
> We need to verify that we've received your file, and this is something we
> are working on.  That being said, we receive millions of samples a day, so
> it helps, if you want to point out the hash of the file to us on the list,
> we can get to it.
>
> --
> Joel Esler
> Manager, Talos Group
> Sent from my iPad
>
> On Feb 15, 2016, at 10:15 AM, Gerald Venzl <gerald.ve...@gmail.com> wrote:
>
> Hey,
>
> Well, Clam still doesn't find that Trojan even after updating it so I
> assume it didn't work for me. Is there any convenient way for me to check?
> Sorry, I'm totally new to ClamAV and Linux security in general. Appreciate
> any guidance.
>
> Thx,
>
> On Mon, Feb 15, 2016 at 1:52 AM, Mark Allan <markjal...@gmail.com> wrote:
>
> Hi,
>
> I've been getting this for a few days. The first time I received it, the
> rogue sig was removed from the DB shortly afterwards, so I assumed* it
> worked OK and that it was just a bug in the code that composes the email
> response.
>
> Mark
> * yes, yes I know what assuming does to U and me.
>
> On 15 Feb 2016, at 2:14 am, Gerald Venzl <gerald.ve...@gmail.com> wrote:
>
> Hi all,
>
> Since yesterday I have been trying to submit a JavaScript malware sample,
> but I always get that the sample is empty, see below.
> Does that mean that the file upload wasn't successful (which the webpage
> clearly indicates it was, otherwise I wouldn't be able to submit) or does
> that mean that it didn't find anything?
>
> There clearly is a JavaScript Trojan in the file that gets detected by
> Kaspersky and by Defender.
>
> Thanks,
>
> Gerald
>
> ---------- Forwarded message ----------
> From: <nore...@clamav.net>
> Date: Sun, Feb 14, 2016 at 5:57 PM
> Subject: Successfully processed
> To: gerald.ve...@gmail.com
>
>
> Hello Gerald Venzl,
>
> Below are the results of your submission report.
>
> *ClamAV Virus Database*
>
>
>
> ------------------------------
> Result:
>
>
> The sample is empty.
>
> Please correct the above errors and retry.
> Thank you for helping the ClamAV project.
>
>
>
> ------------------------------
>
> Thanks,
>
> *The Detection Response Team*
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml