Then you would probably benefit from a SecuriteInfo subscription that includes an entire Unofficial database dedicated to JavaScript <https://www.securiteinfo.com/services/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml>.
Sent from Janet's iPad

-Al-

On Mar 14, 2016, at 9:08 PM, Scott Galambos wrote:

> Scanning these ZIP/.js viruses has a hit rate of about 35%. 35% of all
> antivirus packages will say they are viruses. For example running one
> through https://www.virustotal.com will say out of about 53 antivirus
> programs, 16 flag it as a virus.
>
> They are definitely malware and should be stopped.
>
> --
> Thanks for the response. All I know is I keep getting them, and they are
> definitely unwanted. Here are a couple examples (I've renamed them):
> http://sites.extremehosting.ca/temp/
>
> On 2016-03-14 11:52 PM, Al Varnell wrote:
>> I don’t have any answers, but you have raised my curiosity level.
>> What exactly is the threat from these javascript files you are
>> finding? In checking the over four million virus signatures provided
>> in the official ClamAV database, I see there are only 440 labeled as
>> “.js” based and 94% of those are in the main.cvd which means they are
>> old. Of the 28 in daily.cvd, 22 are labeled as PUA (potentially
>> unwanted applications) which normally indicate low/no threat. I’d
>> have to conclude that either there have not been sufficient js file
>> samples submitted which turn out to be threats or they are somehow
>> low priority to the signature writers here.
>>
>> Perhaps I’m just out-of-touch since I deal almost exclusively with
>> Apple Mac threats, but as far as I know there are no e-mail
>> javascript threats to OS X or its applications and about the worst
>> we see via web browsers are fake ransomware and tech-support
>> pop-ups.
>>
>> -Al-
>>
>> On Mon, Mar 14, 2016 at 08:03 PM, Scott Galambos wrote:
>>>
>>> I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it
>>> still is not catching all these ZIP files with .js files inside
>>> them. Is clamav supposed to stop these?
>>>
>>> I constantly get these messages with .ZIP attachments that I would
>>> think clamav should stop. Am I expecting too much? Missing
>>> something?
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
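
An added example, not part of the thread and not ClamAV functionality: a signature-independent check a mail gateway could apply to the attachment shape discussed above, ZIP archives containing .js files. The extension list, the nesting and size limits, the function names and the constructed sample message are all assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXT = (".js",)            # the thread concerns .js; extend per local policy
MAX_DEPTH = 2                    # assumed limit on nested archives
MAX_MEMBER = 10_000_000          # assumed size cap before unpacking a nested ZIP

def js_members(zip_bytes, depth=0):
    """Return names of script members in a ZIP, following nested ZIPs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return []
    hits = []
    with zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(SCRIPT_EXT):
                hits.append(info.filename)
            elif (name.endswith(".zip") and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER and not info.flag_bits & 0x1):
                # Unencrypted nested archive within limits: look inside it too.
                hits += js_members(zf.read(info), depth + 1)
    return hits

def scan_message(raw):
    """Map attachment filename -> script members found inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        payload = None if part.is_multipart() else part.get_payload(decode=True)
        # Decide by content (ZIP local-header magic), not the declared type.
        if payload and payload[:4] == b"PK\x03\x04":
            hits = js_members(payload)
            if hits:
                findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed message: a ZIP holding a harmless one-line .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_scan.js", "// constructed placeholder\n")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="document.zip")
    return msg.as_bytes()
```

A non-empty result from `scan_message` can feed a quarantine or reject decision in the mail filter, whether or not any signature matches the file.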