On Thu, May 8, 2014 5:47 pm, Kris Deugau wrote:
>
> I have been adding MD5 signatures, and somewhat more recently, .zmd
> .zip-content-filename signatures (for doubled-extension files), but I do
> not have time to dig more deeply and create more general signatures.
>
> -kgd

Hi,

You could add sanesecurity.com signatures

phish.ndb: has some simple zip heuristics to block some of these
rogue.hdb: updated hourly for malware received

Foxhole can be added to block all double extensions in zips *or* all
dangerous attachments in Zips/rar/7zip:

sanesecurity.com/foxhole-databases/

Just in case it helps..

Cheers,

Steve
Sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml