Re: [clamav-users] Pdf.Phishing.CWS4c384287-9890237-0

2021-09-10 Thread Lilia Gonzalez Medina
Hi Dan! Thank you for bringing this to our attention. From a quick check of some of the samples alerting with this signature it does seem like it could be causing FPs. The signature will be dropped for now. Best regards, Lilia Gonzalez Malware Research Team Cisco Talos On Fri, Sep 10, 2021 at 1

Re: [clamav-users] Urlhaus.Malware.364328-9787819-0

2021-02-15 Thread Lilia Gonzalez Medina
alware.364328-9787819-0: > > > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi?filehash=sha256%3A5c3a5ef6f5b5475895053238026360020d6793b05541d20032ea9dd1c9cae451 > > This is with today's update. > > Orion > > On 2/8/21 10:39 AM, Lil

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-02-08 Thread Lilia Gonzalez Medina
: > 1 Time(s) > > > https://cdn.statically.io/gl/curben/urlhaus-filter/master/urlhaus-filter-online.txt > : > 1 Time(s) > > > https://gitcdn.xyz/cdn/curbengh/urlhaus-filter/14db9cf6ad7bfff32779d68d12b869e6f7e8ec1a/urlhaus-filter-online.txt > : > 1 Time(s) > > >

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-08 Thread Lilia Gonzalez Medina
rigin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc > : > 1 Time(s) > > Though that is a different signature. > > Orion > > On 1/7/21 7:56 AM, Lilia Gonzalez Medina wrote: > > Hi Orion! > > > > Those NBD signatures w

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-07 Thread Lilia Gonzalez Medina
1.1.3 > https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.32.4-an+fx.xpi?filehash=sha256%3A5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc: > 1 Time(s) > > > Orion > > On 1/4/21 8:43 AM, Lilia Gonzalez Medina wrote: > > Hi Orion! > > > > Thank you for reporting this. URLhaus is a pa

Re: [clamav-users] Question about Urlhaus.Malware.452652-9766253-0

2021-01-04 Thread Lilia Gonzalez Medina
Hi Orion! Thank you for reporting this. URLhaus is a partner that generates a list of ClamAV signatures to target malicious URLs. Signature Urlhaus.Malware.452652-9766253-0 looks for a malicious URL inside HTML files, which is why it is alerting on the URLs you mentioned. We found these FPs some w

Re: [clamav-users] Xls.Malware.Sagent-7132944-0

2020-08-14 Thread Lilia Gonzalez Medina
Hey Matt! Thank you for reporting this. The signature has been dropped while we investigate the situation to prevent more FPs. Lilia Gonzalez Medina Malware Research Team Cisco Talos On Fri, Aug 14, 2020 at 11:10 AM Matt Campbell via clamav-users < clamav-users@lists.clamav.net> wrote:

Re: [clamav-users] Elmedia Player.app detection

2019-12-10 Thread Lilia Gonzalez Medina
Hey Douglas! Would you like to provide the hash of the file? That would help us confirm it's an FP. There's also research about a specific version of Elmedia Player being trojanized that might provide more insight: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/