viruses slipping through

SupportOU
Posts: 47
Joined: 12 Sep 2016 18:47

viruses slipping through

Post by SupportOU »

Hi all,
Lately we are being bombarded with .doc attachments containing ransomware malware. I tested them out on efa3014 with the unofficial sigs (free versions) included, but they got through anyway.
Checking on virustotal.com, all the big commercial guys detected the virus. F-Secure, Fortinet, Ikarus, McAfee, Qihoo-360, Symantec, Tencent and TrendMicro all did their job.

So how does ClamAV stand out from the crowd in general? And what is the benefit of paid malwarepatrol/securiteinfo sigs?

Any ideas?

Bottom line, I need to protect my business. I'd rather do it myself with open source stuff, but I wonder if that is possible or comparable with the commercial ones.

Grtz,
Ronald
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: viruses slipping through

Post by ovizii »

Hm, for one you can install the free Linux version of Sophos; search the forum, Nicola posted pretty detailed explanations of how to install it.
Also, if you like you can forward me one of those bad ransomware .doc files and I'll let you know if it got caught and by whom.
(I am using quite a lot of free extra signatures for ClamAV.) Send it to ovidiu@ict-consult.co.za
SupportOU
Posts: 47
Joined: 12 Sep 2016 18:47

Re: viruses slipping through

Post by SupportOU »

Thanks for the analysis offer, but how can I send it? It might be caught along the way. What's the plan?
Grtz!
SupportOU
Posts: 47
Joined: 12 Sep 2016 18:47

Re: viruses slipping through

Post by SupportOU »

Will have a look at Sophos.
My sigs:
[root@sys-efa01 ~]# clamscan --debug 2>&1 /dev/null | grep "loaded"
LibClamAV debug: /var/lib/clamav/sigwhitelist.ign2 loaded
LibClamAV debug: /var/lib/clamav/securiteinfo.ign2 loaded
LibClamAV debug: daily.info loaded
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.fp loaded
LibClamAV debug: daily.hsb loaded
LibClamAV debug: daily.ign loaded
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.cdb loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: daily.ndb loaded
LibClamAV debug: daily.sfp loaded
LibClamAV debug: daily.ign2 loaded
LibClamAV debug: daily.msb loaded
LibClamAV debug: daily.pdb loaded
LibClamAV debug: daily.mdb loaded
LibClamAV debug: daily.crb loaded
LibClamAV debug: daily.ldb loaded
LibClamAV debug: daily.idb loaded
LibClamAV debug: daily.wdb loaded
LibClamAV debug: /var/lib/clamav/daily.cld loaded
LibClamAV debug: /var/lib/clamav/phishtank.ndb loaded
LibClamAV debug: /var/lib/clamav/foxhole_generic.cdb loaded
LibClamAV debug: /var/lib/clamav/winnow_extended_malware.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.crimepack_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.crimepack_jar3
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Crimepack.yar
LibClamAV debug: /var/lib/clamav/EK_Crimepack.yar loaded
LibClamAV debug: /var/lib/clamav/bofhland_cracked_URL.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_test
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_pornspam
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/Sanesecurity_spam.yara
LibClamAV debug: /var/lib/clamav/Sanesecurity_spam.yara loaded
LibClamAV debug: /var/lib/clamav/securiteinfopdf.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_jar3
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.eleonore_js3
LibClamAV debug: cli_loadyara: loaded 6 of 6 yara signatures from /var/lib/clamav/EK_Eleonore.yar
LibClamAV debug: /var/lib/clamav/EK_Eleonore.yar loaded
LibClamAV debug: /var/lib/clamav/winnow_malware.hdb loaded
LibClamAV debug: /var/lib/clamav/securiteinfo.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow.attachments.hdb loaded
LibClamAV debug: /var/lib/clamav/antidebug_antivm.yar loaded
LibClamAV debug: /var/lib/clamav/sanesecurity.ftm loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Hdr_2
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type3_Bdy_4
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Bdy_3
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_PhishingTestSig_1
LibClamAV debug: cli_loadyara: loaded 4 of 4 yara signatures from /var/lib/clamav/Sanesecurity_sigtest.yara
LibClamAV debug: /var/lib/clamav/Sanesecurity_sigtest.yara loaded
LibClamAV debug: /var/lib/clamav/hackingteam.hsb loaded
LibClamAV debug: /var/lib/clamav/porcupine.hsb loaded
LibClamAV debug: /var/lib/clamav/spamattach.hdb loaded
LibClamAV debug: /var/lib/clamav/jurlbl.ndb loaded
LibClamAV debug: /var/lib/clamav/junk.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_css
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_css2
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_htm
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js3
LibClamAV debug: load_oneyara: successfully loaded YARA.zeroaccess_js4
LibClamAV debug: cli_loadyara: loaded 7 of 7 yara signatures from /var/lib/clamav/EK_ZeroAcces.yar
LibClamAV debug: /var/lib/clamav/EK_ZeroAcces.yar loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/scam.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.AnglerEKredirector
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash2
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash4
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash5
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_flash_uncompressed
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_html
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_html2
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.angler_js
LibClamAV debug: cli_loadyara: loaded 10 of 10 yara signatures from /var/lib/clamav/EK_Angler.yar
LibClamAV debug: /var/lib/clamav/EK_Angler.yar loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.sakura_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.sakura_jar2
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Sakura.yar
LibClamAV debug: /var/lib/clamav/EK_Sakura.yar loaded
LibClamAV debug: /var/lib/clamav/blurl.ndb loaded
LibClamAV debug: bytecode.info loaded
LibClamAV debug: /var/lib/clamav/bytecode.cld loaded
LibClamAV debug: /var/lib/clamav/porcupine.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_jar3
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_pdf
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole_basic
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole1_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_css
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm10
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm11
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm12
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm3
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm4
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm5
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm6
LibClamAV debug: load_oneyara: successfully loaded YARA.blackhole2_htm8
LibClamAV debug: cli_loadyara: loaded 16 of 16 yara signatures from /var/lib/clamav/EK_Blackhole.yar
LibClamAV debug: /var/lib/clamav/EK_Blackhole.yar loaded
LibClamAV debug: /var/lib/clamav/bofhland_phishing_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_attach.hdb loaded
LibClamAV debug: /var/lib/clamav/securiteinfohtml.hdb loaded
LibClamAV debug: /var/lib/clamav/spamimg.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html10
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html11
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html2
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html3
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html4
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html5
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html6
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html7
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html8
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_html9
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_jar3
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf2
LibClamAV debug: load_oneyara: successfully loaded YARA.phoenix_pdf3
LibClamAV debug: cli_loadyara: loaded 17 of 17 yara signatures from /var/lib/clamav/EK_Phoenix.yar
LibClamAV debug: /var/lib/clamav/EK_Phoenix.yar loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.zerox88_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.zerox88_js3
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Zerox88.yar
LibClamAV debug: /var/lib/clamav/EK_Zerox88.yar loaded
LibClamAV debug: /var/lib/clamav/rfxn.hdb loaded
LibClamAV debug: /var/lib/clamav/foxhole_filename.cdb loaded
LibClamAV debug: /var/lib/clamav/rfxn.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.INDICATOR_IMPLANT_Loader
LibClamAV debug: load_oneyara: successfully loaded YARA.INDICATOR_Implant_Loader2
LibClamAV debug: load_oneyara: generic string: [File {0} has been uploaded in {1}] => [46696c65207b307d20686173206265656e2075706c6f6164656420696e207b317d]
LibClamAV debug: load_oneyara: successfully loaded YARA.IMPLANT2_3
LibClamAV debug: load_oneyara: successfully loaded YARA.CryptoWall_Resume_phish
LibClamAV debug: load_oneyara: successfully loaded YARA.docx_macro
LibClamAV debug: load_oneyara: successfully loaded YARA.java_JSocket_20151217
LibClamAV debug: cli_loadyara: loaded 6 of 6 yara signatures from /var/lib/clamav/winnow_malware.yara
LibClamAV debug: /var/lib/clamav/winnow_malware.yara loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_adobe_2010_1297_exploit
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_adobe_2010_2884_exploit
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_jar2
LibClamAV debug: load_oneyara: successfully loaded YARA.bleedinglife2_java_2010_0842_exploit
LibClamAV debug: cli_loadyara: loaded 4 of 4 yara signatures from /var/lib/clamav/EK_BleedingLife.yar
LibClamAV debug: /var/lib/clamav/EK_BleedingLife.yar loaded
LibClamAV debug: /var/lib/clamav/securiteinfoandroid.hdb loaded
LibClamAV debug: /var/lib/clamav/malwarehash.hsb loaded
LibClamAV debug: /var/lib/clamav/rogue.hdb loaded
LibClamAV debug: /var/lib/clamav/javascript.ndb loaded
LibClamAV debug: /var/lib/clamav/malwarepatrol.db loaded
LibClamAV debug: main.info loaded
LibClamAV debug: main.hdb loaded
LibClamAV debug: main.hsb loaded
LibClamAV debug: main.mdb loaded
LibClamAV debug: main.msb loaded
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: main.sfp loaded
LibClamAV debug: main.crb loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.zeus_js
LibClamAV debug: cli_loadyara: loaded 1 of 1 yara signatures from /var/lib/clamav/EK_Zeus.yar
LibClamAV debug: /var/lib/clamav/EK_Zeus.yar loaded
LibClamAV debug: /var/lib/clamav/securiteinfoascii.hdb loaded
LibClamAV debug: /var/lib/clamav/phish.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_htm
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js2
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_flash
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_java
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_quicktime
LibClamAV debug: load_oneyara: successfully loaded YARA.fragus_js_vml
LibClamAV debug: cli_loadyara: loaded 7 of 7 yara signatures from /var/lib/clamav/EK_Fragus.yar
LibClamAV debug: /var/lib/clamav/EK_Fragus.yar loaded
LibClamAV debug: /var/lib/clamav/winnow_bad_cw.hdb loaded
LibClamAV debug: /var/lib/clamav/EMAIL_Cryptowall.yar loaded
LibClamAV debug: /var/lib/clamav/winnow_malware_links.ndb loaded
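To turn a listing like the one above into something you can act on, here is an added helper script (not from this thread or from the eFa project) that parses `clamscan --debug` output and reports how many third-party database files are loaded, how many YARA rules they contributed, and whether the official daily bundle is present at all. The sample lines below are constructed in the same format as the post; the path `/var/lib/clamav` is assumed to be the database directory.

```shell
#!/bin/sh
# Added example: summarise a `clamscan --debug` "loaded" listing.
# Constructed sample input (same format as the forum post, a few lines only).
SAMPLE='LibClamAV debug: /var/lib/clamav/securiteinfo.hdb loaded
LibClamAV debug: daily.ldb loaded
LibClamAV debug: /var/lib/clamav/daily.cld loaded
LibClamAV debug: cli_loadyara: loaded 10 of 10 yara signatures from /var/lib/clamav/EK_Angler.yar
LibClamAV debug: /var/lib/clamav/EK_Angler.yar loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: /var/lib/clamav/malwarepatrol.db loaded
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/EK_Sakura.yar
LibClamAV debug: /var/lib/clamav/EK_Sakura.yar loaded'

# Count database files loaded from the database directory that are not the
# official main/daily/bytecode bundles, i.e. the third-party signature sets.
third_party_count() {
    printf '%s\n' "$1" \
      | sed -n 's|^LibClamAV debug: /var/lib/clamav/\([^ ]*\) loaded$|\1|p' \
      | grep -v -E '^(main|daily|bytecode)\.(cvd|cld)$' \
      | wc -l | tr -d ' '
}

# Sum the rule counts reported on the cli_loadyara lines.
yara_rule_count() {
    printf '%s\n' "$1" \
      | sed -n 's|^LibClamAV debug: cli_loadyara: loaded \([0-9]*\) of [0-9]* yara signatures from .*|\1|p' \
      | awk '{ s += $1 } END { print s + 0 }'
}

# True when the official daily bundle (cvd or cld) was loaded; if it is missing,
# freshclam is usually not running and current detections are absent.
official_daily_loaded() {
    printf '%s\n' "$1" | grep -q -E '^LibClamAV debug: /var/lib/clamav/daily\.(cvd|cld) loaded$'
}

main() {
    echo "third-party databases: $(third_party_count "$SAMPLE")"
    echo "yara rules loaded:     $(yara_rule_count "$SAMPLE")"
    if official_daily_loaded "$SAMPLE"; then
        echo "official daily bundle: loaded"
    else
        echo "official daily bundle: MISSING"
    fi
}
main
```

On a live system, replace `$SAMPLE` with `"$(clamscan --debug /dev/null 2>&1)"` to check the real database directory.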