Discussion:
[clamav-users] fake mp3, real malware.
Arnaud Jacques / SecuriteInfo.com
2016-06-04 14:21:26 UTC
Hello Clamav,

A new malware is an ASCII text beginning with "ID3 = ".
ClamAV sees it as an MP3 file:

clamscan --debug SecuriteInfo.com.JS.Downloader.Agent.15736.18211.371
(...)
LibClamAV debug: Recognized MP3 file
(...)

clamscan -V
ClamAV 0.99.2/21668/Sat Jun 4 11:35:05 2016

The problem is this ascii malware cannot be normalised, but it should be.

The sample has been sent to http://www.clamav.net/reports/malware

md5sum of malware sent is : 023bff926f5852ba0e58a72c10e77f2a
--
Best regards,

Arnaud Jacques
SecuriteInfo.com

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
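
Added example, not part of the original thread and not ClamAV's code: the report above describes ASCII text that is typed as MP3 because it starts with "ID3". This Python check tests whether the bytes after that magic form a structurally valid ID3v2 header (major version 2 to 4, synchsafe size bytes) and flags printable text that only carries the prefix. The function names and the sample bytes are constructed for illustration.

```python
import string

ID3_MAJOR_VERSIONS = {2, 3, 4}          # ID3v2.2, ID3v2.3, ID3v2.4
PRINTABLE = set(string.printable.encode("ascii"))

# Constructed samples (harmless): text that merely starts with "ID3 = ",
# and a minimal well-formed ID3v2.3 header declaring a 257-byte tag.
SAMPLE_TEXT = b'ID3 = "abc";\nvar x = 1;\n'
SAMPLE_TAG = b"ID3\x03\x00\x00\x00\x00\x02\x01" + b"\x00" * 16


def parse_id3v2_header(data: bytes):
    """Return (major, revision, flags, tag_size), or None if the
    10-byte header is not structurally valid."""
    if len(data) < 10 or data[:3] != b"ID3":
        return None
    major, revision, flags = data[3], data[4], data[5]
    size_bytes = data[6:10]
    if major not in ID3_MAJOR_VERSIONS or revision == 0xFF:
        return None
    # Size is "synchsafe": four bytes, high bit of each must be clear.
    if any(b & 0x80 for b in size_bytes):
        return None
    size = 0
    for b in size_bytes:
        size = (size << 7) | b
    return major, revision, flags, size


def looks_like_text(data: bytes, threshold: float = 0.95) -> bool:
    """True when nearly all bytes are printable ASCII or whitespace."""
    if not data:
        return False
    printable = sum(1 for b in data if b in PRINTABLE)
    return printable / len(data) >= threshold


def classify(data: bytes) -> str:
    """Label a buffer by how its leading 'ID3' bytes hold up."""
    if data[:3] != b"ID3":
        return "no-id3-magic"
    if parse_id3v2_header(data) is not None:
        return "id3v2-tag"
    if looks_like_text(data):
        return "text-with-id3-prefix"   # candidate for text/script scanning
    return "invalid-id3-header"
```

In the constructed text sample the byte after "ID3" is a space (0x20), which is not a defined ID3v2 major version, so the header check fails and the buffer is labelled as text.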
Steven Morgan
2016-06-06 16:12:44 UTC
Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582.

On Sat, Jun 4, 2016 at 10:21 AM, Arnaud Jacques / SecuriteInfo.com <
Post by Arnaud Jacques / SecuriteInfo.com
Hello Clamav,
A new malware is an ASCII text beginning with "ID3 = ".
clamscan --debug SecuriteInfo.com.JS.Downloader.Agent.15736.18211.371
(...)
LibClamAV debug: Recognized MP3 file
(...)
clamscan -V
ClamAV 0.99.2/21668/Sat Jun 4 11:35:05 2016
The problem is this ascii malware cannot be normalised, but it should be.
The sample has been sent to http://www.clamav.net/reports/malware
md5sum of malware sent is : 023bff926f5852ba0e58a72c10e77f2a
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Benny Pedersen
2016-06-06 19:30:38 UTC
Post by Steven Morgan
Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582.
You are not authorized to access bug #11582.
Steven Morgan
2016-06-06 19:39:32 UTC
Sorry, try it now.
Post by Benny Pedersen
Post by Steven Morgan
Tracking with https://bugzilla.clamav.net/show_bug.cgi?id=11582.
You are not authorized to access bug #11582.
Benny Pedersen
2016-06-06 19:42:53 UTC
Post by Steven Morgan
Sorry, try it now.
solved

https://bugzilla.clamav.net/show_bug.cgi?id=11156 fail