Karsten Bräckelmann schrieb: > Recent flood of (German only?) Trojan.Agent malware, partly slipping by > ClamAV. So I now am submitting samples where I spot 'em... > > By doing so, two questions came up: > > (a) After testing the sample message with Virustotal, should I even > bother submitting it from clamav.net, too? If memory serves me > correctly, these samples are being forwarded to the ClamAV sig team > anyway. Just couldn't find any note on the websites... > > (b) When submitting on clamav.net I opted in for "notify me" and "stay > anonymous". However, I didn't get any notification about yesterdays > sample, which already has been added to the sigs. How comes, is this > broken? > > Thanks in advance for any insight, that might help speed up the process > and not waste our sig teams time unnecessarily. > > guenther > >
Hi Karsten, just for may interest, i dont see a significant grow of german maleware in mail, i use clamav-milter with http://www.sanesecurity.com/clamav/ and i dont know something slipping through ( investigated the quarantaine dir ) on 5 realy big mailserver with over hundert domains ( mostly german ) an over 3000 mailboxes, after all it would only be evil if real viri bypass but as its some kind of spam ( pishing etc ) its checked from spamassassin and marked too in my setups perhaps you should tune up antispam features in your mailserver in general to block incoming bots before getting to clamav-antivir stage that should raise down the maleware rate in any case so where do your info come from ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
