Tuesday, May 16, 2017

We are currently planning on cutting a new Main.cvd on Wednesday, June 7th, 2017. After the new Main.cvd is published, the "daily" load on the mirrors and on your networks should be much lighter.

As always, this will result in a period of heavy downloading immediately following the release, followed by lighter loads from the smaller "daily" cvds afterwards.

We will post an estimated size in an updated post.

Wednesday, February 22, 2017

We took note of this article over on the NVISO Labs blog, which starts off like this:

Did you know the open-source anti-virus ClamAV supports YARA rules? What benefits can this bring to us? One of the important features ClamAV has is the file decomposition capability. Say that the file you want to analyze resides in an archive, or is a packed executable, then ClamAV will unarchive/unpack the file, and run the YARA engine on it.

A lot of people don't know this, but NVISO wrote a great article on it that is definitely worth the read if you are interested in doing some hunting with YARA rules in ClamAV.
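As an added illustration (not from the NVISO post or the ClamAV project), here is a minimal YARA rule written in the subset of the YARA language ClamAV accepts, so the same rule fires whether the matching file is scanned directly or extracted from an archive first. The strings are constructed placeholders, and the notes on ClamAV's constraints (rules need a strings section, no YARA modules or external variables) are our assumptions about the engine, not something the post states.

```yara
/*
 * Added example rule, not part of the original post.
 * Assumed ClamAV constraints: every rule needs a strings: section, and
 * YARA modules (pe, math, ...) and external variables are not available,
 * so the condition is built only from string matches.
 */
rule Example_Constructed_Shell_Marker
{
    meta:
        description = "Demo rule: a shell script carrying constructed marker strings"
        author      = "example, not a real signature"

    strings:
        // Plain text string: a shell script header
        $script_hdr = "#!/bin/bash"
        // Constructed placeholder markers, not real malware indicators
        $marker_txt = "EXAMPLE_CONSTRUCTED_MARKER_ONE"
        // Same idea as a hex string: the bytes spell "EXAMPLE_BIN"
        $marker_hex = { 45 58 41 4D 50 4C 45 5F 42 49 4E }

    condition:
        // ClamAV evaluates the rule against each object it decomposes,
        // so a matching script inside a .zip or .tar.gz is reported too.
        $script_hdr and 1 of ($marker_txt, $marker_hex)
}
```

Save it with a .yar or .yara extension in the ClamAV database directory, or pass it with `clamscan -d example.yara <path>`; ClamAV reports a hit as `YARA.Example_Constructed_Shell_Marker.UNOFFICIAL`.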

Friday, February 10, 2017

Yesterday, several articles came out through various publications regarding a piece of malware named "MacDownloader". It appears to be specifically targeting the defense industry. Several research firms attribute the malware to Iranian attackers.

For more information, we are publishing links to several blogs below:

https://blog.malwarebytes.com/threat-analysis/2017/02/macdownloader-malware-targeting-defense-industry/
http://www.csoonline.com/article/3167249/security/mac-malware-possibly-made-in-iran-targets-us-defense-industry.html

and finally the original blog:

https://iranthreats.github.io/resources/macdownloader-macos-malware/

Our ClamAV auto-detection scripts have already published detection for this:

Osx.Downloader.MacDownloader-5781857-0

Please ensure you are scanning your machines regularly!