Actually it appears that only "part" of AVG detects it.
Virustotal indicates that AVG cleared the file as being "clean"; however,
the second site (garyshood.com) seemed to use AVG "command line".
Given the reputation of some of the scanners referenced by Virustotal,
not to mention the sheer number of negative results for the file, I'd
have to question the legitimacy of garyshood.com in general.
On 11/07/2016 02:10 PM, Al Varnell wrote:
So it seems to me if only one scanner detects this “test” file then it’s far
from being the universal industry standard test file that EICAR is. Maybe I’m
missing something, but your penetration testers would appear to be a fraud or
shill for AVG or both? I’m not sure why the Cisco/ClamAV folks would be
interested in it without a more persuasive argument.
-Al-
On Mon, Nov 07, 2016 at 08:26 AM, Richard McCombie wrote:
Thanks Al.
virustotal.com doesn't show any problems with the file, but a site called
Gary's Hood does:
https://www.virustotal.com/en/file/14b2420f7490e612b9f0c65af180268b2ad41c3ec209b42f4d085aacb8ef973f/analysis/1478535605/
http://www.garyshood.com/virus/results.php?r=13710b10bf25b727cbf32c29d9ba3a56
The penetration testers use the file (MD5 #:
13710b10bf25b727cbf32c29d9ba3a56) as part of their AV testing.
R
On 7 November 2016 at 16:12, Al Varnell <alvarn...@mac.com> wrote:
Try uploading it to <https://www.virustotal.com/> and give us the link to
the analysis page. I don’t find that anything with that MD5 has been
uploaded.
-Al-
On Mon, Nov 07, 2016 at 07:25 AM, Richard McCombie wrote:
I uploaded a small ASCII-format file, which, like the EICAR test file, is
supposed to trigger a warning from AV software. I'd be happy to email this
to the appropriate address, but I won't do that until someone can confirm
which address I can use without breaking any rules.
Thank you for your help.
On 7 November 2016 at 15:21, Al Varnell wrote:
I’m a bit confused by this. Did you send a virus signature or did you
upload malware? Those are not at all the same thing.
-Al-
On Mon, Nov 07, 2016 at 06:05 AM, Richard McCombie wrote:
Thanks Joel.
I have subscribed to community-sigs; the welcome message informs me that
virus samples are not to be sent to the list:
Welcome to the community-s...@lists.clamav.net mailing list! DO NOT
SEND VIRUS SAMPLES HERE!!! Send them through our web interface at
http://www.clamav.net/sendvirus
On 7 November 2016 at 14:01, Joel Esler (jesler) wrote:
The processing that comes in through the website is largely automated.
Submitting signatures should be done through the community-sigs list, until
we make a submission method through the website.
Sent from my iPad
On Nov 7, 2016, at 6:45 AM, Richard McCombie wrote:
Good morning,
I submitted a virus signature (at http://www.clamav.net/reports/malware)
on 17th October. I used the name Richard McCombie for this.
It would be great if you could incorporate this virus sample into your
database of virus signatures. I am working on helping a client pass their
penetration test; they are currently failing the test, because this virus
sample, which is detected as a virus by other scanners, passes the ClamAV
scan undetected.
The MD5 hash of the file I submitted is:
13710b10bf25b727cbf32c29d9ba3a56
If you want me to resubmit this file, that is no problem.
Many thanks, in advance,
Richard
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml