[sanesecurity] Re: Sanesecurity.Phishing.Bank

• From: Daniel McDonald <dan.mcdonald@xxxxxxxxxxxxxxxx>
• To: sanesecurity <sanesecurity@xxxxxxxxxxxxx>
• Date: Mon, 07 Mar 2011 18:10:11 -0600

On 3/7/11 5:36 PM, "Chris" <cpollock@xxxxxxxxxxxxxx> wrote:

> Received a spam today that had an attachment that had an .html extension
> which in reality was a javascript file. When running the attachment
> through clamdscan it was tagged as Sanesecurity.Malware.14565.UNOFFICIAL
> FOUND. Shouldn't the malware have been picked up along with the phishing
> or instead of?

That's one of the clamav limitations - it only records one match.  And there
is no priority system for "more important" matches, so if a file will hit
multiple signatures, a random one will be reported.


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281

• Follow-Ups:
  • [sanesecurity] Re: Sanesecurity.Phishing.Bank
    • From: Chris
  • [sanesecurity] Re: Sanesecurity.Phishing.Bank
    • From: GrayHat

• References:
  • [sanesecurity] Sanesecurity.Phishing.Bank
    • From: Chris

Other related posts:

• » [sanesecurity] Sanesecurity.Phishing.Bank- Chris
• » [sanesecurity] Re: Sanesecurity.Phishing.Bank - Daniel McDonald
• » [sanesecurity] Re: Sanesecurity.Phishing.Bank- Chris
• » [sanesecurity] Re: Sanesecurity.Phishing.Bank- GrayHat
• » [sanesecurity] Re: Sanesecurity.Phishing.Bank- Daniel McDonald
• » [sanesecurity] Re: Sanesecurity.Phishing.Bank- GrayHat

1. Home
2. sanesecurity
3. Archive
4. 03-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---