This is the clamav-users list. We're all a bunch of nobodies here. There are
other lists that may be more appropriate for you and your problem. The
recommendation to not send samples to this list is a general case and a good
one. If people come to believe it will get faster results then the like
Hi Al,
It's a php script. Do you have automatic php script evaluation and
execution built into your current shell? If so, you shouldn't be involved
in anything to do with security and or computers in general. "Not sure who
the intended audience is" well, neither was I because the website provides
On Sun, Feb 07, 2016 at 01:59 PM, Jesse Nicholson wrote:
>
> Not sure if I'm allowed to upload stuff here
I’m certainly glad that it is not allowed as I’m sure nobody here would
appreciate receiving a malware sample. Hopefully anybody that would find your
information useful in their situation
Not sure if I'm allowed to upload stuff here, but to follow up on this,
I've attached a zip containing the original decoded infection php code, the
infection in its natural state (doubly base64 encoded), definitions that
match it, and other nfo like a simple script that can clean the infection
with
@ant indeed, this is what I'm doing. Original server is gone, new server
was built from the ground up but the xferred required user files (web root)
is quarantined while I go through it and clean up. There's a really nasty
php injection that appears to intercept, proxy requests to various IPs that
c
> I'm cleaning a server
> that got badly infected,
I know this doesn't answer the OP, but destroy the server and treat all data as
compromised.
Rebuild for a fresh trusted base and attempt to clean the data away from the
original server..
-- ant
> On 6 Feb 2016, at 23:41, Jesse Nicholson wro
Here, but you need to supply the MD5 of the sample in order for it to be found.
To get feedback as to if and when a signature has been issued, you must be
subscribed to the clamav-virusdb list. You would then need to search the daily
for your name.
There is also a signature program that allows
On 5/22/2015 2:06 PM, Alain Zidouemba wrote:
Fred,
Signatures covering your samples will be released shortly.
Thanks,
- Alain
Just submitted a new one. virustotal shows this new one caught by 6/57
right now.
$ md5sum 534867712.zip
9c3e54cf5a1afed90deb7762d9e97326 *534867712.zip
$ sha25
Fred,
Signatures covering your samples will be released shortly.
Thanks,
- Alain
On Fri, May 22, 2015 at 10:16 AM, Fred Wittekind
wrote:
> Have recently run into a large number of emails getting past my employer's
> email filtering, all zip files, with executables inside, and all
> malicious.
On Fri, May 22, 2015 4:32 pm, sebast...@debianfan.de wrote:
> Are there any specialties for sending samples - f.e. zipping with
> password ?
>
You can zip with password infected if you need to...but not 100% needed.
or maybe use http://free.mailbigfile.com/
Cheers,
Steve
Web : sanesecurity.com
Are there any specialties for sending samples - f.e. zipping with password ?
> On 22.05.2015 at 16:35, Steve Basford wrote:
>
> Hi Fred,
>
> Can you send me the missed samples please
>
> samp...@sanesecurity.me.uk
>
>
>
On 5/22/2015 10:35 AM, Steve Basford wrote:
Hi Fred,
Can you send me the missed samples please
samp...@sanesecurity.me.uk
Think I found a way that will work to get them to you, I put them on a
web server, and sent the URLs to the email address you provided.
Thanks
Fred
On 5/22/2015 10:35 AM, Steve Basford wrote:
Hi Fred,
Can you send me the missed samples please
samp...@sanesecurity.me.uk
Do you have a way I can send them to you other than email? I added
some md5 based signatures to our outbound mail server already (not the
best solution in the world, bu
Hi Fred,
Can you send me the missed samples please
samp...@sanesecurity.me.uk
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml