Understanding Malware Blacklist
Posted: Thu Apr 17, 2014 8:18 pm
Hello,
I got a hit on my clamav squid proxy that has the ASL clamav rules installed.
Specifically this:
ASL.MalwareBlacklist.flavors.me.UNOFFICIAL FOUND
Does anyone know where to find information on what exactly that means? I found some posting which suggested it means that a host tried to contact an IP that is on a malware blacklist. Is that correct?
Here is the entry from the rule file:
ASL-blacklist.ldb:ASL.MalwareBlacklist.flavors.me;Target:0;(0=0)&(1=0)&(2=0)&(3|4);41746f6d69636f72702e636f6d205741462052756c65733a;61746f6d69636f72702e636f6d207761662072756c65733a;6f737365632068696473206e6f74696669636174696f6e2e;3a2f2f{-255}2e666c61766f72732e6d65;3a2f2f666c61766f72732e6d65
Does anyone know how to make sense of that? Are those hashes of known malware files?
Thanks for any help anyone can provide.
Eric
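Added example, not part of the original post: the quoted rule is a ClamAV logical signature, and this Python decodes its hex subsignatures to text and evaluates its logical expression against constructed sample buffers. Only the syntax this one rule uses (`N=K`, `&`, `|`, `{-n}`) is handled; the function names and samples are assumptions of the example.

```python
import re

# Rule text from the post, without the "ASL-blacklist.ldb:" file-name prefix.
RULE = ("ASL.MalwareBlacklist.flavors.me;Target:0;(0=0)&(1=0)&(2=0)&(3|4);"
        "41746f6d69636f72702e636f6d205741462052756c65733a;"
        "61746f6d69636f72702e636f6d207761662072756c65733a;"
        "6f737365632068696473206e6f74696669636174696f6e2e;"
        "3a2f2f{-255}2e666c61766f72732e6d65;"
        "3a2f2f666c61766f72732e6d65")

def parts(subsig):
    """Split a subsignature into hex runs and {-n} wildcards (the only kind used here)."""
    return [p for p in re.split(r"(\{-\d+\})", subsig) if p]

def decoded_subsigs(rule):
    """Readable text of each subsignature; wildcards are left as written."""
    return ["".join(p if p[0] == "{" else bytes.fromhex(p).decode("ascii")
                    for p in parts(s)) for s in rule.split(";")[3:]]

def to_regex(subsig):
    """{-n} means 'at most n arbitrary bytes'; hex runs match literally."""
    body = b"".join(b".{0,%d}" % int(p[2:-1]) if p[0] == "{"
                    else re.escape(bytes.fromhex(p)) for p in parts(subsig))
    return re.compile(body, re.DOTALL)

def rule_matches(rule, data):
    """Evaluate the logical expression over per-subsignature match counts."""
    _name, _target, expr, *subsigs = rule.split(";")
    if not re.fullmatch(r"[\d=&|()]+", expr):
        raise ValueError("operator not handled by this example")
    counts = [len(to_regex(s).findall(data)) for s in subsigs]
    # "N=K": subsig N matched exactly K times; bare "N": matched at least once.
    expr = re.sub(r"(\d+)=(\d+)", lambda m: str(counts[int(m[1])] == int(m[2])), expr)
    expr = re.sub(r"\d+", lambda m: str(counts[int(m[0])] > 0), expr)
    return eval(expr.replace("&", " and ").replace("|", " or "), {"__builtins__": {}})

# Constructed sample buffers (not from the post).
SAMPLES = {
    "subdomain link": b'<a href="http://example.flavors.me/">profile</a>',
    "bare domain link": b"see http://flavors.me/x",
    "WAF notification": b"Atomicorp.com WAF Rules: blocked http://example.flavors.me/",
    "unrelated link": b"http://example.com/",
}

if __name__ == "__main__":
    print(decoded_subsigs(RULE))
    for label, data in SAMPLES.items():
        print(label, "->", rule_matches(RULE, data))
```

The subsignatures decode to plain strings rather than file hashes: the first three exclude content carrying Atomicorp or OSSEC notification markers, and the last two match a URL on flavors.me or one of its subdomains anywhere in the scanned data.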