ClamWin Free Antivirus
Support and Discussion Forums
Send file for analysis
Ruslam46743


Joined: 16 Aug 2017
Posts: 8
Location: russia
Is this service still relevant or not: http://www.clamav.net/reports/malware? Do they work?

They have already been silent for 24 hours, and there has been no effect.
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
The Clam AV contact page for reporting both malware files and false positives is at http://www.clamav.net/contact on the web. When you get there, you can choose which one to report.

Regards,
Ruslam46743


Joined: 16 Aug 2017
Posts: 8
Location: russia
OK http://www.clamav.net/reports/signature

I would like to know more mail
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Yes - you can give a signature to Clam AV that you have developed for a particular virus at that web site.

Regards,
Ruslam46743


Joined: 16 Aug 2017
Posts: 8
Location: russia
ok
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Virus Total sends its submissions to the AV companies, including Clam AV. A couple of years ago, Clam AV developed some of its signatures for files that had a large number of submissions to Virus Total. I expect they are still doing that, so if you submit a file to Virus Total, Clam AV may get a signature for it without you having to submit it to them.

Regards,
Ruslam46743


Joined: 16 Aug 2017
Posts: 8
Location: russia
Virus Total is a commercial project, and ClamWin is a free project; it will not help. I have suspicions that the slatwin takes bribes from commercial companies. Virustotal is not an assistant for ClamWin.

Virus Total is corrupt.

Virustotal supports commercial products more than yours.

Virustotal LOG https://www.virustotal.com/#/file/d2ca237cf253d2f3e0d3c986d64765e810da0ba41930d858bac00bce4eab1df6/detection
This is an example
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
You can use whatever online scanner you like. Virus Total just happens to have more AVs than other scanners. I sometimes use VirScan, which has lots of Asian scanners. Scanning with multiple scanners is better than using just one scanner because one scanner cannot detect all viruses.

Clam AV prepares about 1,000 signatures per day. The big AVs see 300,000 to 600,000 viruses per day.

Regards,
Ruslam46743


Joined: 16 Aug 2017
Posts: 8
Location: russia
malwr.com, virustotal.com, virusscan.jotti.org, virscan.org

It was sent to all of them, but there is no use: ClamWin still has no signature.
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Clam AV does not get a signature for every piece of malware. When I worked with them, they prepared automatic signatures for high-profile virus files sent to them by Virus Total. A small number of other signatures were prepared manually by the sigmakers, but no one worked full-time on sigmaking. The other sigmakers only worked on Clam AV when they did not have anything to do for Sourcefire, which owned Clam AV at that time. Now Cisco owns Clam AV, but it is probably still the same--no one works on Clam AV full-time, and most of the signatures are automatically prepared from files sent to them by Virus Total.

You could prepare your own signature and submit it to Clam AV--they might use that. You could get an MD5 or SHA hash for the entire file or a section of the file (usually the largest section, but I like to use the section with the greatest entropy). You can get this information from Virus Total details. You can get information about preparing your own signatures from Clam AV. Remember, however, that after about a month, a signature will probably not do any good because the malware file has been changed by then.

Regards,
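An added example, not part of the forum posts and not ClamAV project code: a sketch of the hash signatures described in the post above, producing a whole-file line (`.hdb` layout, `MD5:FileSize:MalwareName`) and a section line (`.mdb` layout, `SectionSize:MD5:MalwareName`) from the PE section with the greatest entropy. The layouts are assumed from ClamAV's signature documentation; the sample PE skeleton and the malware name are constructed.

```python
import hashlib, math, struct
from collections import Counter

def pe_sections(data):
    """Yield (name, raw_bytes) for each section of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    for i in range(nsect):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        if raw_size and raw_ptr + raw_size <= len(data):    # skip empty/truncated
            yield name, data[raw_ptr:raw_ptr + raw_size]

def entropy(buf):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in Counter(buf).values())

def hdb_line(data, name):
    """Whole-file signature: MD5:FileSize:MalwareName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def mdb_line(data, name):
    """Section signature (SectionSize:MD5:MalwareName) built from the raw data
    of the highest-entropy section; returns (section_name, line)."""
    sect_name, raw = max(pe_sections(data), key=lambda s: entropy(s[1]))
    return sect_name, f"{len(raw)}:{hashlib.md5(raw).hexdigest()}:{name}"

def build_sample():
    """Constructed two-section PE skeleton (parseable, not a real program)."""
    text = b"\x90" * 512                                        # low entropy
    packed = bytes((i * 37 + 11) % 256 for i in range(1024))    # high entropy
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    base = 0x40 + len(coff) + 2 * 40
    def sect(n, size, ptr):
        return struct.pack("<8sIIIIIIHHI", n, size, 0x1000, size, ptr, 0, 0, 0, 0, 0)
    return (bytes(hdr) + coff + sect(b".text", 512, base)
            + sect(b".packed", 1024, base + 512) + text + packed)

if __name__ == "__main__":
    print(mdb_line(build_sample(), "Win.Test.Constructed-1")[1])
```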
Ruslam46743


Joined: 16 Aug 2017
Posts: 8
Location: russia
I am ready to become a sigmaster. Give me a link to the manual. I want to protect the Russian segment of the Internet. (Is it really so difficult to extract an MD5 from a file?)
GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
Here is some information from Cisco about preparing Clam AV signatures:
https://duckduckgo.com/l/?kh=-1&uddg=https%3A%2F%2Fdocs.amp.cisco.com%2Fclamav_signatures.pdf

Here is some information I put on the ClamWin forum about preparing Clam AV signatures:
http://forums.clamwin.com/viewtopic.php?t=4007

You will need a good source of virus-infected files from which to prepare your signatures. A honeypot might be a good place to start so that you can capture the viruses. I also recommend Virtual Box for a virtual machine (VM) in which to run the infected files to see what they do. For AV software to detect the viruses, I recommend Zemana Antimalware free, Malwarebytes free, Dr. Web CureIT, and Microsoft Safety Scanner. Most of all, read the security blogs, and learn as much as you can about viruses.

Good luck! Sigmaking is hard work, it is often very lonely, and it is always unappreciated by the average user.

Regards,
Ruslam46743


Joined: 16 Aug 2017
Posts: 8
Location: russia
Thank you. How do I send an MDB file, sigfile.mdb?

GuitarBob


Joined: 09 Jul 2006
Posts: 4266
Location: USA
I received the signatures. Thank you.

Regards,