At 10:18 AM +0100 10/15/09, Steve Basford wrote:
>> I am interested in Tom's list of unofficial signatures - but haven't
>> found the recommended way to use the signatures. Do I need to download
>> them periodically - or do I just add an additional freshclam
>> DataBaseMirror directive? In either case - exactly what is the url to
>> download from - or to add to the freshclam directive?
>
> Hi Richard,
>
> Download one of the scripts here, ideally script 1 (Bill Landry):
> http://sanesecurity.co.uk/download_scripts_linux.htm
>
> Current databases are described here:
> http://sanesecurity.co.uk/databases.htm
>
> Note that rogue.hdb, phish.ndb, winnow_malware.hdb and
> winnow_malware_links.ndb all deal with malware.
>
> Example stats:
> http://www.oucs.ox.ac.uk/network/smtp/relay/stats/index.xml.ID=malware
> (using phish.ndb, scam.ndb, junk.ndb)
>
> BTW, current fake Microsoft Outlook Notification is currently being
> blocked, as Sanesecurity.Malware.12699.

Steve,
The samples I have of that one are being detected by ClamAV standard
sigs as Trojan.Peed-477. Wonder why you and some others didn't detect
it with standard sigs? Could this be a problem? Do you have samples
that were undetectable?
Tom
--
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/ local wx: http://www.oitc.com/weather
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475
(cell/voice mail,pager) US skypeline: 321-622-9098
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trs...@mac.com
Skype: trshaw
Fish more and Live longer