I pretty much disagree with this. 90% or greater of what is sent into clamav.net<http://clamav.net> is covered in less than 24 hours, and to a much greater degree. We don’t aim to cover just the sample you sent in, we cover all the variants of that sample at the time, if possible.
On Dec 21, 2020, at 3:34 PM, max <m...@sbg.at<mailto:m...@sbg.at>> wrote: hi eric, Am 21.12.20 um 17:59 schrieb eric-l...@truenet.com<mailto:eric-l...@truenet.com>: Sorry to bother, but do you guys want raw emails or just the payload Word Docs? I just sent payloads, since they are real emails with responses and a virus attached. this is pretty useless as clamav's reporting process is far too slow or or is not made for rapidly changing attack vectors used by emotet (never saw clamav hits with default signatures enabled on the last big emotet waves on my side, may be different somewhere else). for hunting emotet you can report to sanesecurity where steve and his team are taking care and use their 3rd-party signatures. and/or use urlhaus (driven by abuse.ch<http://abuse.ch/>) 3rd-party signatures feeded by lots of (emotet) malware hunters floating around on https://twitter.com/cryptolaemus1 - all of them doing a great job here. btw - lots of vulnerable/unpatched wordpress installs involved as always, may be related to fresh CVE-2020-35489 https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/ regards max I can however scrub the raws and send a few of those as well. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
