Richard Chapman wrote:
I am interested in Tom's list of unofficial signatures - but haven't
found the recommended way to use the signatures. Do I need to download
them periodically - or do I just add an additional freshclam
DataBaseMirror directive. In either case - exactly what is the url to
At 5:24 PM +0300 10/15/09, Jari Fredriksson wrote:
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=_T3prA2NkQhJdMqo4E_3U4WfuiiDVVM"
Content-Disposition: inline
Does ClamAV somehow dedicate to email format (base64) or how it is
possible that i
15.10.2009 17:24, Jari Fredriksson kirjoitti:
Does ClamAV somehow dedicate to email format (base64) or how it is
possible that is does not recognise this
http://www.iki.fi/jarif/malware/FILE_UPS_c380a16.zip
That's an UPS fraud, W32/Bredolab.D.gen!Eldorado by F-Prot.
Uh. The point was that
Does ClamAV somehow dedicate to email format (base64) or how it is
possible that is does not recognise this
http://www.iki.fi/jarif/malware/FILE_UPS_c380a16.zip
That's an UPS fraud, W32/Bredolab.D.gen!Eldorado by F-Prot.
--
http://www.iki.fi/jarif/
An exotic journey in downtown Newark is in
At 1:23 PM +0100 10/15/09, Steve Basford wrote:
> Undetected Outlook Express malware:
h t t p :/ / www.iki.fi/jarif/malware/install.zip
That's one of 'em:
Sanesecurity.Rogue.736.UNOFFICIAL
FYI Official ClamAV sigs now detect as Trojan.Inject-2443 I just
noticed that my winnow.malware.75
15.10.2009 16:47, Tom Shaw kirjoitti:
At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote:
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=_6GorA2txt0CVliaTmJuBPNhCIqDzZA"
Content-Disposition: inline
Undetected IRS scam variant.
http://www.iki
At 4:30 PM +0300 10/15/09, Jari Fredriksson wrote:
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=_6GorA2txt0CVliaTmJuBPNhCIqDzZA"
Content-Disposition: inline
Undetected IRS scam variant.
http://www.iki.fi/jarif/malware/tax-statement.exe
-
At 3:14 PM +0300 10/15/09, Jari Fredriksson wrote:
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=_20nrA2UWvqBocwzbhDgZQrQ22plLxr"
Content-Disposition: inline
15.10.2009 14:55, Tom Shaw kirjoitti:
The samples I have of that one are being
At 1:23 PM +0100 10/15/09, Steve Basford wrote:
> Undetected Outlook Express malware:
h t t p :/ / www.iki.fi/jarif/malware/install.zip
That's one of 'em:
Sanesecurity.Rogue.736.UNOFFICIAL
Well that one didn't get detected by standard ClamAV. Must be running
multiple payloads
That one
Undetected IRS scam variant.
http://www.iki.fi/jarif/malware/tax-statement.exe
--
http://www.iki.fi/jarif/
A classic is something that everyone wants to have read
and nobody wants to read.
-- Mark Twain, "The Disappearance of Literature"
pgptHhkej7lOn.pgp
Description: PGP sig
> Undetected Outlook Express malware:
> h t t p :/ / www.iki.fi/jarif/malware/install.zip
That's one of 'em:
Sanesecurity.Rogue.736.UNOFFICIAL
Cheers,
Steve
Sanesecurity
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
ht
> Steve,
>
> The samples I have of that one are being detected by ClamAV standard
> sigs as Trojan.Peed-477. Wonder why you and some others didn't detect
> it with standard sigs? Could this be a problem? Do you have samples
> that were undetectable?
Not sure Tom... here's a quick test...
Offici
15.10.2009 14:55, Tom Shaw kirjoitti:
The samples I have of that one are being detected by ClamAV standard
sigs as Trojan.Peed-477. Wonder why you and some others didn't detect it
with standard sigs? Could this be a problem? Do you have samples that
were undetectable?
Tom
Undetected Outlo
At 10:18 AM +0100 10/15/09, Steve Basford wrote:
> I am interested in Tom's list of unofficial signatures - but haven't
found the recommended way to use the signatures. Do I need to download
them periodically - or do I just add an additional freshclam
DataBaseMirror directive. In either case
> I am interested in Tom's list of unofficial signatures - but haven't
> found the recommended way to use the signatures. Do I need to download
> them periodically - or do I just add an additional freshclam
> DataBaseMirror directive. In either case - exactly what is the url to
> download from - or
I am interested in Tom's list of unofficial signatures - but haven't
found the recommended way to use the signatures. Do I need to download
them periodically - or do I just add an additional freshclam
DataBaseMirror directive. In either case - exactly what is the url to
download from - or to ad
16 matches
Mail list logo
