Atomic Secure Linux
 Post subject: Understanding Malware Blacklist
Posted: Thu Apr 17, 2014 8:18 pm
New Forum User
Hello,

I got a hit on my clamav squid proxy that has the ASL clamav rules installed.

Specifically this:
ASL.MalwareBlacklist.flavors.me.UNOFFICIAL FOUND

Does anyone know where to find information on what exactly that means? I found some posting which suggested it means that a host tried to contact an IP that is on a malware blacklist. Is that correct?

Here is the entry from the rule file:
ASL-blacklist.ldb:ASL.MalwareBlacklist.flavors.me;Target:0;(0=0)&(1=0)&(2=0)&(3|4);41746f6d69636f72702e636f6d205741462052756c65733a;61746f6d69636f72702e636f6d207761662072756c65733a;6f737365632068696473206e6f74696669636174696f6e2e;3a2f2f{-255}2e666c61766f72732e6d65;3a2f2f666c61766f72732e6d65

Does anyone know how to make sense of that? Are those hashes of known malware files?

Thanks for any help anyone can provide.
Eric


 Post subject: Re: Understanding Malware Blacklist
Posted: Thu Apr 17, 2014 9:56 pm
Atomicorp Staff - Site Admin
Thank you for the question. So first, that's a pretty old signature, so you need to get your rules up to date.

And yes, those rules look for known malware sites/domains in a URL (based on what our honeypots were seeing at the time the domain was added). They are automatically generated from our honeypots and automatically removed when they are no longer malicious. So you want to make sure you are only using the latest signatures.

https://www.atomicorp.com/wiki/index.ph ... ged_out.3F

_________________
Michael Shinn
Atomicorp - Security For Everyone
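
Added example, not part of either post and not Atomicorp's code: the quoted rule is a ClamAV logical signature (`name;target block;expression;subsig0;subsig1;...`), and its hex fields are ASCII strings rather than file hashes. The sketch below decodes them and evaluates the expression, where `N=0` means subsignature N must not match; the function names and sample inputs are constructed for illustration, and only the `{-n}` wildcard and the operators used in this one rule are handled.

```python
import re

# Rule line exactly as quoted in the first post (file-name prefix included).
RULE = ("ASL-blacklist.ldb:ASL.MalwareBlacklist.flavors.me;Target:0;"
        "(0=0)&(1=0)&(2=0)&(3|4);"
        "41746f6d69636f72702e636f6d205741462052756c65733a;"
        "61746f6d69636f72702e636f6d207761662072756c65733a;"
        "6f737365632068696473206e6f74696669636174696f6e2e;"
        "3a2f2f{-255}2e666c61766f72732e6d65;"
        "3a2f2f666c61766f72732e6d65")

# Runs of hex bytes separated by {-n} gaps ("n or fewer bytes of anything").
TOKEN = re.compile(r"\{-(\d+)\}|((?:[0-9a-fA-F]{2})+)")

def parse_ldb(line):
    """Split name;target block;logical expression;subsig0;subsig1;..."""
    name, target, expr, *subsigs = line.strip().split(";")
    for s in subsigs:
        if TOKEN.sub("", s):  # other ClamAV wildcards are out of scope here
            raise ValueError("wildcard not handled by this example: " + s)
    return {"name": name.split(":", 1)[-1],  # drop the "ASL-blacklist.ldb:" prefix
            "target": target, "expr": expr, "subsigs": subsigs}

def decode_subsig(subsig):
    """Show hex runs as text, keeping {-n} gaps visible."""
    return "".join("{-%s}" % gap if gap else bytes.fromhex(hx).decode("latin-1")
                   for gap, hx in TOKEN.findall(subsig))

def subsig_regex(subsig):
    """Equivalent case-sensitive bytes regex for one subsignature."""
    return b"".join(b".{0,%s}" % gap.encode() if gap else re.escape(bytes.fromhex(hx))
                    for gap, hx in TOKEN.findall(subsig))

def rule_fires(rule, data):
    """Evaluate the expression on bytes; handles only N, N=0, &, | and parentheses."""
    hit = [re.search(subsig_regex(s), data, re.S) is not None for s in rule["subsigs"]]
    expr = re.sub(r"(\d+)=0", lambda m: str(not hit[int(m[1])]), rule["expr"])
    expr = re.sub(r"\d+", lambda m: str(hit[int(m[0])]), expr)
    expr = expr.replace("&", " and ").replace("|", " or ")
    if not re.fullmatch(r"(?:True|False|and|or|[() ])+", expr):
        raise ValueError("operator not handled by this example")
    return eval(expr, {"__builtins__": {}})  # only True/False/and/or/() remain

if __name__ == "__main__":
    rule = parse_ldb(RULE)
    print(rule["name"], rule["target"], rule["expr"])
    print([decode_subsig(s) for s in rule["subsigs"]])
    # Constructed input, not traffic from the original post.
    print(rule_fires(rule, b"GET http://example.flavors.me/ HTTP/1.1"))
```

Subsignatures 0 to 2 decode to text that must be absent, and 3 and 4 are the URL patterns for the listed domain, so the hit reports that URL text appearing in the scanned content.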

