Tom Shaw wrote:
Just to clarify winnow_malware.hdb is designed to detect malware
payloads. Thus, it is effective in an email system only when the
payload is attached (such as a dropper, etc). It is also very
effective when used in file system/download checking scenarios.
Thanks to Dennis and all other for the suggestions. I'm using now
winnow_malware.hdb and rogue.hdb, and it seems to detect much better.
Just one question : if I have some non detected virus, where is the
best place to submit samples ? Virustotal ? Clamav ? Other ?
If you submit a file to virus-samp...@oitc.com I'll process it for
winnow_malware.hdb and at the same time send it to the ClamAV malware
signature team and virustotal to check if others can detect.
If you submit a url to malware to virus-samp...@oitc.com I'lldownload
the malware process it for winnow_malware.hdb and at the same time
send it to the ClamAV malware signature team and virustotal to check
if others can detect.
Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
