Oliver Stöneberg wrote:
You should really cleanup your signatures. I have a Phishing set of
512 Phishing of which 23 are not recognised by ClamAV. From those
only 4 are captured by your signatures, which are the following:
Firstly, thanks for the feedback. Although I must say, I'm
disappointed but not really surprised that
my signatures, didn't get all your samples, as there are sooo many ways
of doing phishing attempts.
If I scan the complete set with your signatures a lot of mails
already recognised by ClamAV are actually recognised by your
signatures, so there are quite some duplicates in your signatures,
compared to ClamAV.
Hmmm.... well, in my sample set, I've certainly scanned them with the
default ClamAV sigs and
then used --remove to remove the samples *before* I try to create a sig
for the missed ones. I guess
there muar be dupes...elsewhere.
Both signatures will match... but
I might post a list of the signatures, that are recognising mails,
that are already in ClamAV signatues, but I rather see you doing a
cleanup first
I feel that it's going to be quite difficult for me to go though 500-odd
ClamAV phishing signatures and
compare them, with an editor to my 100-ish signatures and find out what
bits are duplicated. I really
need some samples.
If possible, to save a whole load of time... could you:
a) give me the sample phishing emails that are duplicated
b) give me the sample phishing emails that are missed
Email me, to chat off-list: steveb_clamav -AT- sanesecurity -DOT- com
Thanks again for the feedback...
Steve
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
