hi eric, Am 21.12.20 um 17:59 schrieb eric-l...@truenet.com: > Sorry to bother, but do you guys want raw emails or just the payload > Word Docs? > > I just sent payloads, since they are real emails with responses and a > virus attached.
this is pretty useless as clamav's reporting process is far too slow or or is not made for rapidly changing attack vectors used by emotet (never saw clamav hits with default signatures enabled on the last big emotet waves on my side, may be different somewhere else). for hunting emotet you can report to sanesecurity where steve and his team are taking care and use their 3rd-party signatures. and/or use urlhaus (driven by abuse.ch) 3rd-party signatures feeded by lots of (emotet) malware hunters floating around on https://twitter.com/cryptolaemus1 - all of them doing a great job here. btw - lots of vulnerable/unpatched wordpress installs involved as always, may be related to fresh CVE-2020-35489 https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/ regards max > I can however scrub the raws and send a few of those as well. > > Sincerely, > > > > Eric Tykwinski > > TrueNet, Inc. > > P: 610-429-8300 > > > > > > > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
