GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Mon Jun 03, 2019 7:39 pm
Below is an MDB signature for ClamWin users for a tool developed by an Iranian advanced threat group to hack Microsoft Exchange email. The tool was "acquired" by some virus researchers that target this threat group. The signature might be helpful for any business/government users of ClamWin from which Iran might be interested in stealing information, particularly in the Middle East.
Copy the signature(s) to a Notepad file and save it in the ClamWin db program data folder or add the signature to an existing MDB file you may have there. Do not save the file with a .txt or .text on the end of the name. Save it as Sigfile.mdb (select type All Files to prevent the .txt or .text at the end of the filename), otherwise ClamWin will be unable to recognize it as a signature. MDB signatures identify important parts of a malware file and will last until the next version of the malware comes out--often in a week or so, but some malware authors reuse parts of their old file, so an MDB signature could last longer--maybe for a month. This signature probably fits the longer lasting group, as development of such tools takes some time.
40448:875ed0eec0bd64f4940d19abc668d439:Win.Trojan.Iranian.ExchangeHacker-060319.1404
Regards,
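
Added example, not part of the post above and not ClamWin's own code: a Python check to run on a pasted signature file before it goes into the db folder, catching copy/paste damage and the .txt naming mistake the post warns about. It assumes each line has the three colon-separated fields seen in the posted signature (section size, MD5, name); the function names and sample text are constructed for illustration.

```python
import re
from pathlib import Path

# Assumed MDB line layout, taken from the signature line in the post:
#   PESectionSize:MD5ofSection:SignatureName
MDB_LINE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):([^\s:]+)$")

def check_mdb_text(text):
    """Return (entries, problems) for the contents of a would-be .mdb file."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue  # blank line left over from copy/paste
        m = MDB_LINE.match(raw)  # no stripping: stray spaces are reported
        if not m:
            problems.append(f"line {lineno}: not size:md5:name -> {raw[:40]!r}")
            continue
        key = (int(m.group(1)), m.group(2).lower())
        if key in seen:
            problems.append(f"line {lineno}: duplicate of an earlier entry")
            continue
        seen.add(key)
        entries.append((key[0], key[1], m.group(3)))
    return entries, problems

def check_mdb_name(filename):
    """Flag the naming mistake from the post (e.g. Sigfile.mdb.txt)."""
    suffix = Path(filename).suffix.lower()
    if suffix == ".mdb":
        return []
    return [f"{filename}: ends in {suffix or 'no extension'}, expected .mdb"]

# Constructed sample: the posted signature, a blank line, the same line with a
# leading space (paste damage), and an exact duplicate.
SIG = "40448:875ed0eec0bd64f4940d19abc668d439:Win.Trojan.Iranian.ExchangeHacker-060319.1404"
SAMPLE = SIG + "\n\n " + SIG + "\n" + SIG + "\n"

if __name__ == "__main__":
    entries, problems = check_mdb_text(SAMPLE)
    print(f"{len(entries)} usable signature(s)")
    for p in problems + check_mdb_name("Sigfile.mdb.txt"):
        print("PROBLEM:", p)
```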