[clamav-users] basic malware missed???

2015-03-24 Thread Steve Holdoway
Hi folks, I'm in the process of cleaning up an infected WordPress website and am finding a number of files that contain Inserted at the top of the file. Surely this is something pretty simple to catch? I'm scanning the docroot nightly, and freshclam is up to date... output from just run fr

Re: [clamav-users] basic malware missed???

2015-03-24 Thread Dennis Peterson
The string you are looking for is not necessarily the only one you should be looking for for that exploit. More information here: http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/ Steve at SaneSecurity has a nice document on creating your own signatures here: http://sa

Re: [clamav-users] basic malware missed???

2015-03-24 Thread Al Varnell
For some reason I did not receive the OP’s e-mail. ClamAV® signature writers are reliant on samples submitted from a variety of sources, including users. You can submit such things directly to them at “Report Malware” or indirectly through Vir