Luca Moscato
2018-11-06 09:46:09 UTC
Hi everyone, one of our customers notified us that the AV we use (clamav,
of course) does not detect some of the malware downloadable from das malwerk,
used for testing.
Pretty strange situation, so we decided to download all the malware from
that site and send it as samples using the command line interface:
[***@amazon-ami:~]$ clamsubmit -n
/home/luca/malware/d77aca7d-f9f1-11e7-b482-80e65024849a.file -N luca -e
***@funambol.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a
href="http://www.clamav.net/sendmalware.cgi">here</a>.</p>
</body></html>
[***@amazon-ami:~]$
Question 1 - Is this process correct to send samples?
Question 2 - How much time is required to validate a sample and get the
A/V db updated? Days? Months?
Some notes:
- I'm using Amazon Linux and the clamav version available in the amz linux repo;
the db should be updated with freshclam
[***@amazon-ami:~]$ sudo freshclam
ClamAV update process started at Tue Nov 6 09:36:41 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.4 Recommended version: 0.100.2
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)
daily.cld is up to date (version: 25095, sigs: 2143057, f-level: 63,
builder: neo)
bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63,
builder: neo)
- I have all the links and a script (see attachment) to quickly download all the stuff
from das_malwerk
- Actually, a scan of all the stuff retrieved from that website has these
results, while I expect to have 100%
----------- SCAN SUMMARY -----------
Known viruses: 6702413
Engine version: 0.99.4
Scanned directories: 1
Scanned files: 1488
Infected files: 964
Data scanned: 1125.26 MB
Data read: 1195.11 MB (ratio 0.94:1)
Time: 361.283 sec (6 m 1 s)
Thanks and have a nice day
Luca
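The workflow in the post (scan the downloaded set with clamscan, then hand the samples ClamAV misses to clamsubmit as false negatives) is easier to repeat if the undetected files are pulled out of the scan log rather than submitted one by one by hand. The following shell script is an added example and not code from the original post or from the ClamAV project. It assumes a log produced by `clamscan -r /home/luca/malware > scan.log` (one `path: verdict` line per file plus the summary block), the `clamsubmit -n FILE -N NAME -e EMAIL` invocation shown in the post, and a hypothetical `SUBMIT_CMD` variable so the submission step can be dry-run; the sample log it writes is constructed for the example, not real scan output.

```bash
#!/bin/sh
# Added example (not from the original post or the ClamAV project).
# Input: a clamscan log such as the one written by
#     clamscan -r /home/luca/malware > scan.log
# clamscan prints "path: OK", "path: <Signature> FOUND" or "path: <error>"
# per file, followed by a SCAN SUMMARY block.

# Command used to submit a sample; override (e.g. SUBMIT_CMD=fake_submit)
# to dry-run without contacting clamav.net. Hypothetical knob, not a
# clamsubmit feature.
SUBMIT_CMD="${SUBMIT_CMD:-clamsubmit}"

# Print the paths clamscan reported as clean ("OK"), i.e. the candidates
# for a false-negative report. Error lines and FOUND lines are skipped.
undetected_from_log() {
    sed -n 's/: OK$//p' "$1"
}

# Number of files with a FOUND verdict (grep -c exits 1 on zero matches,
# which is not an error here).
detected_count_from_log() {
    grep -c ' FOUND$' "$1" || true
}

# Detection rate in percent, computed from the summary block
# ("Scanned files: N" / "Infected files: M"), one decimal place.
detection_rate_from_log() {
    awk -F': ' '/^Scanned files:/ {n=$2} /^Infected files:/ {m=$2}
                END { if (n > 0) printf "%.1f\n", 100*m/n; else print "0.0" }' "$1"
}

# Submit every undetected file as a false negative, one clamsubmit call
# per file, and record each successful submission in $4 (default
# submitted.txt) so re-running the script does not resubmit it.
submit_undetected() {
    log="$1"; name="$2"; email="$3"; sent="${4:-submitted.txt}"
    undetected_from_log "$log" | while IFS= read -r f; do
        grep -qxF -- "$f" "$sent" 2>/dev/null && continue
        $SUBMIT_CMD -n "$f" -N "$name" -e "$email" \
            && printf '%s\n' "$f" >> "$sent" \
            || echo "submit failed: $f" >&2
    done
}

# Constructed sample log (not real output from the post), so the functions
# above can be exercised without ClamAV installed. Paths and the
# Eicar-Test-Signature verdicts are illustrative.
write_sample_log() {
    cat > "$1" <<'EOF'
/home/luca/malware/a.file: Eicar-Test-Signature FOUND
/home/luca/malware/b.file: OK
/home/luca/malware/c.file: OK
/home/luca/malware/d.file: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6702413
Scanned files: 4
Infected files: 2
EOF
}

# Usage against a real scan (clamscan itself exits 1 when it finds
# infected files, so do not run it under set -e without "|| true"):
#   clamscan -r /home/luca/malware > scan.log || true
#   echo "detected: $(detected_count_from_log scan.log) ($(detection_rate_from_log scan.log)%)"
#   submit_undetected scan.log luca luca@example.com
```

Keep the `submitted.txt` ledger with the sample set: clamsubmit has no memory of what was already sent, and resubmitting the same 500+ files after every freshclam run only slows down whatever triage happens on the receiving side.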