Tom Shaw wrote:
Just to clarify winnow_malware.hdb is designed to detect malware payloads. Thus, it is effective in an email system only when the payload is attached (such as a dropper, etc). It is also very effective when used in file system/download checking scenarios.
Thanks to Dennis and all other for the suggestions. I'm using now winnow_malware.hdb and rogue.hdb, and it seems to detect much better.
Just one question : if I have some non detected virus, where is the best place to submit samples ? Virustotal ? Clamav ? Other ?
-- _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
