clamav-users May 2014 archive

Re: [clamav-users] Clamav is not finding any viruses

From: Thorvald Hallvardsson <thorvald.hallvardsson_at_nospam>
Date: Fri May 09 2014 - 08:28:09 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

Hi,

The virus I'm looking at in particular is Trojan.Win32.Yakes.elfb. That's
how Kaspersky finds it and calls it. It was submitted on the 20th July 2011
so it's quite old. After applying the SaneSecurity databases the virus still
cannot be found.

I tried to scan a ZIP file - no virus found.
I tried to scan the extracted file - no virus found.

Tested that file with NOD32 and Kaspersky - they both shout there is a
virus.

So I'm quite surprised such old stuff is not found by clamav :(.

Regards,
TH

On 8 May 2014 19:20, Steve Basford <steveb_clamav@sanesecurity.com> wrote:

>
> On Thu, May 8, 2014 5:47 pm, Kris Deugau wrote:
>
> >
> > I have been adding MD5 signatures, and somewhat more recently, .zmd
> > .zip-content-filename signatures (for doubled-extension files), but I do
> > not have time to dig more deeply and create more general signatures.
> >
> > -kgd
>
> Hi,
>
> You could add sanesecurity.com signatures
>
> phish.ndb: has some simple zip heuristics to block some of these
> rogue.hdb: updated hourly for malware received
>
> Foxhole can be added to block all double extensions in zips *or* all
> dangerous attachments in Zips/rar/7zip:
>
> sanesecurity.com/foxhole-databases/
>
> Just in case it helps..
>
> Cheers,
>
> Steve
> Sanesecurity
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
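As an added illustration of the MD5 and doubled-extension signatures mentioned in this thread (not code from any poster, ClamAV or Sanesecurity): the sketch below lists the members of a zip, flags doubled-extension names, and emits a hash signature line for each in the `.hdb` layout `MD5:FileSize:MalwareName`. The extension lists, the `Local.DoubleExt` name prefix and the sample archive are assumptions constructed for the example.

```python
import hashlib
import io
import zipfile

# Assumed lists for illustration; tune them to your own mail policy.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "cpl"}


def is_double_extension(name):
    """True for names like 'invoice.pdf.exe' (decoy ext, then executable ext)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Strip each part so padding such as 'invoice.pdf     .exe' is still caught.
    parts = [p.strip() for p in base.split(".")]
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS


def hdb_line(data, sig_name):
    """Format one .hdb entry: MD5:FileSize:MalwareName."""
    return "%s:%d:%s" % (hashlib.md5(data).hexdigest(), len(data), sig_name)


def signatures_for_zip(zip_bytes, prefix="Local.DoubleExt"):
    """Return .hdb lines for every doubled-extension member of a zip."""
    lines = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for i, info in enumerate(zf.infolist()):
            if info.is_dir() or not is_double_extension(info.filename):
                continue
            lines.append(hdb_line(zf.read(info), "%s.%d" % (prefix, i)))
    return lines


def build_sample_zip():
    """Constructed sample: harmless bytes under suspicious and benign names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"constructed harmless payload")
        zf.writestr("notes.txt", b"plain text")
        zf.writestr("archive.tar.gz", b"not flagged")
    return buf.getvalue()


if __name__ == "__main__":
    for line in signatures_for_zip(build_sample_zip()):
        print(line)
```

A hash signature of this kind matches only the exact bytes it was generated from, so it covers one sample rather than a family.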