CERT-AGID has added a ClamAV format to its IoC feed. ClamAV is an open-source antivirus, and the new format is meant to enhance system protection for academic and institutional users. The feature responds to a request from the GARR community and allows for customizable, user-friendly integration.
Affected: CERT-AGID, ClamAV
Keypoints:
- The CERT-AGID IoC feed now supports a ClamAV format.
- This integration aims to enhance the protection of systems used in academic and institutional contexts.
- The new format allows IoCs to be used directly to identify suspicious files on ClamAV-protected systems.
- Public administrations accredited for the IoC feed can use the new ClamAV format immediately.
- An example of the IoC feed in ClamAV format is provided in the official documentation.
MITRE Techniques:
- None specified in the article.
Indicators of Compromise:
- [others ioc] type=clamav
- Check the article for all found IoCs.
Full Research: https://cert-agid.gov.it/news/nuovo-formato-per-clamav-disponibile-tramite-il-flusso-ioc-del-cert-agid/