Doesn’t detect the RAT, Al. If you don’t want to run my unofficial sigs, I would be happy to provide them to Joel for incorporation into the official db.
> On Jan 4, 2017, at 5:12 PM, Al Varnell <alvarn...@mac.com> wrote:
>
> Can somebody with access to those samples run them against a virgin ClamAV
> signature database to answer the question? I'd be happy to if there are
> samples I can access.
>
> -Al-
>
> On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote:
>>
>> I added detection in winnow_extended_malware.hdb which is distributed in the
>> sanesecurity feed the day after the JAR was released. I also searched for
>> the RAT and added signatures for that as well in winnow_malware_links.ndb
>>
>> Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.<identifier>
>>
>> Tom
>>
>>
>>> On Jan 4, 2017, at 10:26 AM, Andrew McGrath <and...@checkout51.com> wrote:
>>>
>>> I'm being asked a question by our security team that I am struggling
>>> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>>>
>>> I've hunted around the archives, support pages and Google, but do not
>>> see any discussion about this, could anyone comment?
>>>
>>> Thank you!
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml