
Mailing List Archive: ClamAV: users

Undetected Virus

 

 



gerard at seibercom

Jan 17, 2006, 4:23 PM

Post #1 of 9 (1150 views)
Undetected Virus

I have the latest version of ClamAV and the signature files installed,
however it fails to detect the Win32.Blackmail.F virus.

My mail is delivered to a FreeBSD server that I run. One of the machines
on the network is a WinXP machine running ZoneAlarm Suite. When this
Windows machine POPs mail from the mail server it detects this virus. It
has happened three times in the past 24 hours. The messages are marked
as clean by ClamAV.

Is this something that I should be reporting to someone?

Thanks!

--
Gerard Seibert
gerard [at] seibercom

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html


niek at asbak

Jan 17, 2006, 4:29 PM

Post #2 of 9 (1125 views)
Re: Undetected Virus

On 1/18/2006 1:23 AM +0100, Gerard Seibert wrote:
> Is this something that I should be reporting to someone?
>
> Thanks!

http://clamav.net
"submit sample"

Regards,
Niek


prandal at herefordshire

Jan 18, 2006, 3:22 AM

Post #3 of 9 (1117 views)
RE: Undetected Virus

> I have the latest version of ClamAV and the signature files
> installed, however it fails to detect the Win32.Blackmail.F virus.
>
> My mail is delivered to a FreeBSD server that I run. One of
> the machines on the network is a WinXP machine running
> ZoneAlarm Suite. When this Windows machine POPs mail from the
> mail server it detects this virus. It has happened three
> times in the past 24 hours. The messages are marked as clean
> by ClamAV.
>
> Is this something that I should be reporting to someone?
>
> Thanks!
>
> --
> Gerard Seibert
> gerard [at] seibercom

I submitted a sample yesterday afternoon (GMT) to
http://cgi.clamav.net/sendvirus.cgi , http://virusscan.jotti.org/ , and
http://www.virustotal.com/

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK


gerard at seibercom

Jan 18, 2006, 9:25 AM

Post #4 of 9 (1108 views)
Re: Undetected Virus

"Randal, Phil" <prandal [at] herefordshire>

> I submitted a sample yesterday afternoon (GMT) to
> http://cgi.clamav.net/sendvirus.cgi , http://virusscan.jotti.org/ , and
> http://www.virustotal.com/
>
> Cheers,
>
> Phil

Thanks! I have a question though. I created a directory
"/var/mail/quarantine" in which quarantined email is supposed to go. I
assume that I would send the suspected email message from that directory
for analysis. Is that correct?

Ciao

--
Gerard Seibert
gerard [at] seibercom



steveb_clamav at sanesecurity

Jan 23, 2012, 11:53 PM

Post #5 of 9 (75 views)
Re: undetected virus

> Dear list,
>
> We received a virus not detected by Clamav. VirusTotal shows a 23/43
> detection ratio. Trend Micro recognises it as TROJ_GEN.R06C8AN.
> Yesterday I submitted a sample to Clamav. But till now it's not detected.
> https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/
>
> What should be the reason of this?

Hi,

I've added a quick hash into Sanesecurity's rogue.hdb... if you aren't
using Sanesecurity signatures, just add this line into a .hdb file, for
example localmalware.hdb and restart clamd:

0479013c040882b2b287c2bad1dbd8a6:39765:Sanesecurity.Rogue.2340

Cheers,

Steve
Sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
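
The line in the post above follows ClamAV's `.hdb` layout, `MD5:FileSize:MalwareName`. The following is an added example, not part of the original post or of ClamAV or Sanesecurity code: it parses such lines, builds one for an exact file, and shows that a hash signature stops matching as soon as a single byte changes. The function names, `SAMPLE` and the name `Local.Test.Sample` are assumptions made for illustration; `SAMPLE` is constructed placeholder data.

```python
import hashlib
import re
from typing import Iterable, NamedTuple, Optional

class HdbEntry(NamedTuple):
    md5: str
    size: int
    name: str

# MD5 (32 hex digits) : file size in bytes : signature name
HDB_LINE = re.compile(r"([0-9a-fA-F]{32}):(\d+):([^\s:]+)")

def parse_hdb_line(line: str) -> Optional[HdbEntry]:
    """Parse one MD5:FileSize:MalwareName line; blank lines give None."""
    line = line.strip()
    if not line:
        return None
    m = HDB_LINE.fullmatch(line)
    if m is None:
        raise ValueError(f"malformed .hdb line: {line!r}")
    return HdbEntry(m.group(1).lower(), int(m.group(2)), m.group(3))

def make_hdb_line(data: bytes, name: str) -> str:
    """Build the signature line for one exact file (hypothetical helper)."""
    if not re.fullmatch(r"[^\s:]+", name):
        raise ValueError("name must not contain ':' or whitespace")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def match(data: bytes, entries: Iterable[HdbEntry]) -> Optional[str]:
    """Return the name of the first entry whose size and MD5 both match."""
    digest, size = hashlib.md5(data).hexdigest(), len(data)
    for e in entries:
        if e.size == size and e.md5 == digest:
            return e.name
    return None

# The signature line quoted in the post above.
POSTED = "0479013c040882b2b287c2bad1dbd8a6:39765:Sanesecurity.Rogue.2340"
# Constructed stand-in for a quarantined attachment (not a real sample).
SAMPLE = b"constructed placeholder bytes, not a real sample\n"

def demo():
    # Contents of a hypothetical localmalware.hdb: the posted line plus ours.
    db = "\n".join([POSTED, "", make_hdb_line(SAMPLE, "Local.Test.Sample")])
    entries = [e for e in map(parse_hdb_line, db.splitlines()) if e]
    # The exact file matches; the same file with one extra byte does not.
    return match(SAMPLE, entries), match(SAMPLE + b"\x00", entries)

if __name__ == "__main__":
    print(demo())
```

Because the match is on the whole file's size and MD5, a local `.hdb` entry covers only the exact file that was hashed, and a repacked or altered copy needs its own entry or a content-based signature.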


alvarnell at mac

Jan 24, 2012, 12:05 AM

Post #6 of 9 (75 views)
Re: undetected virus

On Jan 23, 2012, at 11:44 PM, polloxx <polloxx [at] gmail> wrote:

> We received a virus not detected by Clamav. VirusTotal shows a 23/43
> detection ratio. Trend Micro recognises it as TROJ_GEN.R06C8AN.
> Yesterday I submitted a sample to Clamav. But till now it's not detected.
> https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/
>
> What should be the reason of this?

The clamav team consists of volunteers who work as quickly as they can, when they can. You should not expect immediate action, especially if it was a busy weekend.


Sent from Janet's iPad

-Al-
--
Al Varnell
Grateful user from Mountain View, CA


polloxx at gmail

Jan 24, 2012, 12:52 AM

Post #7 of 9 (75 views)
Re: undetected virus

On Tue, Jan 24, 2012 at 9:05 AM, Al Varnell <alvarnell [at] mac> wrote:
> On Jan 23, 2012, at 11:44 PM, polloxx <polloxx [at] gmail> wrote:
>
>> We received a virus not detected by Clamav. VirusTotal shows a 23/43
>> detection ratio. Trend Micro recognises it as TROJ_GEN.R06C8AN.
>> Yesterday I submitted a sample to Clamav. But till now it's not detected.
>> https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/
>>
>> What should be the reason of this?
>
> The clamav team consists of volunteers who work as quickly as they can, when they can. You should not expect immediate action, especially if it was a busy weekend.
>

I know Al. That's not my point.
P.


jesler at sourcefire

Jan 24, 2012, 12:13 PM

Post #8 of 9 (75 views)
Re: undetected virus

This has been handled.

On Tue, Jan 24, 2012 at 3:52 AM, polloxx <polloxx [at] gmail> wrote:

> On Tue, Jan 24, 2012 at 9:05 AM, Al Varnell <alvarnell [at] mac> wrote:
> > On Jan 23, 2012, at 11:44 PM, polloxx <polloxx [at] gmail> wrote:
> >
> >> We received a virus not detected by Clamav. VirusTotal shows a 23/43
> >> detection ratio. Trend Micro recognises it as TROJ_GEN.R06C8AN.
> >> Yesterday I submitted a sample to Clamav. But till now it's not detected.
> >> https://www.virustotal.com/file/d6a2ae622adae26cc7988e68edfa6898364b423a47b8eeebb3d917459cd99a68/analysis/
> >>
> >> What should be the reason of this?
> >
> > The clamav team consists of volunteers who work as quickly as they can, when they can. You should not expect immediate action, especially if it was a busy weekend.
> >
>
> I know Al. That's not my point.
> P.
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>



--
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net
Twitter: http://twitter.com/snort


polloxx at gmail

Jan 25, 2012, 12:21 AM

Post #9 of 9 (71 views)
Re: undetected virus

On Tue, Jan 24, 2012 at 9:13 PM, Joel Esler <jesler [at] sourcefire> wrote:
> This has been handled.
>

I noticed this. Thanks.
P.
