Hi, everyone
We have EFA helping to catch many viruses not caught by clamav, but some such as this Win32:Malware-gen is not caught.
Any suggestions how to catch it?
Details: https://www.virustotal.com/pt/file/dfe0 ... /analysis/
I attached the VIRUS to this post.
Thanks.
(attachment removed by moderator)
Win32:Malware-gen malware
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Win32:Malware-gen malware
Hehe...don't think we want a virus floating around in the forums
I'll suspend my scans and download. I'll have to remove the above link from the post or the post itself.
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Win32:Malware-gen malware
Ok, it appears this is an exe inside a zip.
Testing further...
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Win32:Malware-gen malware
Yeah, clam sure isn't hitting this one. Hence the ever evolving landscape of viruses...
Solutions:
1) You can submit it to clam and see if they make a signature for it
http://cgi.clamav.net/sendvirus.cgi
2) Consider adding a second virus scanner to EFA. EFA (mailscanner) supports many commercial scanners as well. If you have access to them you may be able to enhance your scanning this way.
Check out /etc/MailScanner/virus.scanners.conf for a list
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Win32:Malware-gen malware
Oh yeah, you can also enable MailScanner to scan for exes inside of zips too and just block them unconditionally.
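MailScanner's own filename and filetype rules implement the check described in this thread; the script below is an added illustration of the same idea, not EFA or MailScanner code. It opens a zip attachment, walks its members (including nested zips, to a fixed depth), and flags anything that is a Windows PE executable by its header rather than only by extension, so a renamed `.exe` is still caught. The sample archive, the "fake PE" bytes (a bare MZ/PE header with no code) and the blocked-extension list are all constructed for the example.

```python
import io
import posixpath
import struct
import zipfile

# Extensions to block unconditionally; an assumed list for this example,
# in the spirit of MailScanner's filename rules.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
MAX_DEPTH = 3                      # how far to descend into zips inside zips
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # skip (and flag) huge members; cheap zip-bomb guard


def is_pe_executable(data: bytes) -> bool:
    """True if data starts with a DOS stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def inspect_zip(blob: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return (member_path, reason) findings for every suspicious member of a zip blob."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = prefix + info.filename
            if info.flag_bits & 0x1:          # encrypted member: cannot be scanned
                findings.append((name, "encrypted"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((name, "oversized-skipped"))
                continue
            data = zf.read(info)
            if posixpath.splitext(name)[1].lower() in BLOCKED_EXTENSIONS:
                findings.append((name, "blocked-extension"))
            if is_pe_executable(data):        # catches executables hiding behind a harmless extension
                findings.append((name, "pe-header"))
            if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
                findings.extend(inspect_zip(data, depth + 1, name + "!/"))
    return findings


def should_block(blob: bytes) -> bool:
    """Policy from the thread: any executable (or unscannable member) inside a zip means block."""
    return bool(inspect_zip(blob))


def build_sample_zip() -> bytes:
    """Constructed test fixture: a zip with a text file, a PE header renamed to .pdf, and a nested zip."""
    fake_pe = bytearray(0x80)        # header only, no code; not a runnable program
    fake_pe[:2] = b"MZ"
    struct.pack_into("<I", fake_pe, 0x3C, 0x40)
    fake_pe[0x40:0x44] = b"PE\0\0"
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", bytes(fake_pe))
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "plain text")
        z.writestr("invoice.pdf", bytes(fake_pe))
        z.writestr("tools.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in inspect_zip(build_sample_zip()):
        print(f"{reason:18} {path}")
```

Extension checks alone would pass `invoice.pdf`; the PE-header check flags it, and the nested `setup.exe` is reported twice (extension and header). Encrypted members are flagged rather than silently skipped, since an archive the gateway cannot open is exactly the one the scanner would also miss.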
-
- Posts: 25
- Joined: 09 Feb 2015 11:29
Re: Win32:Malware-gen malware
Thanks, guys, for super fast reply!
I already submitted to ClamAV, but no response.
Can't EFA detect this also as it does with many viruses?
I know there's also a setting in ClamAV to make it detect viruses/malware in a harsher way, but I believe my sysadmin prefers not to enable such a setting due to other issues and false positives. Will check with sysadmin about scanning exe inside zip, etc. I believe he has plans to let us do that.
If anyone is using some good open source alternative that catches this virus I sent, please inform me, or even any commercial solutions that have competitive pricing, etc.
Thanks!
-
- Posts: 25
- Joined: 09 Feb 2015 11:29
Re: Win32:Malware-gen malware
Update: after a bit of insistence and contacting them via Facebook, ClamAV did publish an update to catch this virus.
But others are popping up and it's a bit of work trying to report to them and follow up.
Any recommendations of a really good antivirus at a competitive cost that catches these malwares?
Thanks!
-
- Posts: 25
- Joined: 09 Feb 2015 11:29
Re: Win32:Malware-gen malware
Actually, ClamAV doesn't detect this virus, as with many other viruses.