Wednesday, February 25, 2015

What to do with MD5 checksums of files provided as an Indicator of Compromise?

I spotted this blog article over on thepcn3rd blog, a really simple article on how to generate ClamAV detection quickly given an MD5 for a malicious file.

As I have researched malware and the indicators of compromise, an MD5 checksum of the files is provided so that you can detect them in your environment. I am not sure about your anti-virus, but I am not able to plug in an MD5 and have it search for them across the enterprise as it does its scan.

The blog highlights a great point about ClamAV and Open Source: the ability to generate your own detection!

Take a look at the blog here.
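
As an added example (not from this post or from thepcn3rd's article), here is one way to turn a list of MD5 indicators into ClamAV hash signatures. A `.hdb` line has the form `MD5:FileSize:MalwareName`; because an IoC list rarely gives the file size, the script uses the `*` size wildcard, which requires a minimum functional level of 73. The function names, the `IOC.MD5` signature prefix and the sample hash list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build ClamAV hash signatures (.hdb) from a list of MD5 IoCs.
# .hdb line format:  MD5:FileSize:MalwareName
# Unknown size:      MD5:*:MalwareName:73   (73 = minimum functional level)

# md5_to_hdb [PREFIX]
# Reads one MD5 per line on stdin and writes one .hdb signature per unique hash.
# Blank lines and lines starting with '#' are ignored; anything that is not
# exactly 32 hex digits is reported on stderr and skipped.
md5_to_hdb() {
    prefix=${1:-IOC.MD5}    # hypothetical naming scheme for the signatures
    tr -d ' \t\r' | tr 'A-F' 'a-f' | grep -Ev '^(#|$)' | sort -u |
    while IFS= read -r hash; do
        if printf '%s' "$hash" | grep -Eq '^[0-9a-f]{32}$'; then
            short=$(printf '%s' "$hash" | cut -c1-8)
            printf '%s:*:%s.%s:73\n' "$hash" "$prefix" "$short"
        else
            printf 'skipped (not an MD5): %s\n' "$hash" >&2
        fi
    done
}

# Constructed sample input: the EICAR test file's MD5 (twice, in different
# case), a malformed entry, and the MD5 of an empty file.
sample_iocs() {
cat <<'EOF'
# constructed sample IoC list
44D88612FEA8A8F36DE82E1278ABB02F
44d88612fea8a8f36de82e1278abb02f
not-a-hash
d41d8cd98f00b204e9800998ecf8427e
EOF
}

# Print the generated signatures for the sample list.
sample_iocs | md5_to_hdb
```

Save the output to a file ending in `.hdb` and load it with `clamscan -d`. When you have the sample itself, `sigtool --md5 <file>` produces a signature with the real file size, which is cheaper to match than the wildcard form.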

Monday, February 2, 2015

ClamAV wins the "Community Choice" award for February!

We are honored to announce to our community that ClamAV was chosen for the "Community Choice" award on Sourceforge for the month of February!

A big thanks goes out to all of our users for voting for us, and we look forward to many new innovations in upcoming releases!

An excerpt:

For our February “Community Choice” Project of the Month, the community elected ClamAV, a GPL antivirus toolkit for UNIX that integrates with mail servers. The ClamAV team shared their thoughts about the project’s history, purpose, and direction.

Read our interview over on Sourceforge's webpage for our answers!