Hello ClamAvers! I work at an ISP and we operate a large email infrastructure. We use ClamAV as our mail virus scanner.
At the moment we face a lot of docx, xlsx and zip files containing malware which is not recognized by ClamAV. I operate a spamtrap to feed the SWINOG Blacklist. So to mitigate the problem a bit, I started extracting attachments with the spamtrap and pushing the MD5 hashes to a DNS-based blacklist, which is then queried from the mail server infrastructure to block attachments which have been seen by the spamtrap.

This helps a bit, but only a bit. I see that certain types of malware more or less constantly generate different MD5 checksums. I started submitting samples to VirusTotal, and mostly only very few scanners recognized them in the minutes after they hit my spamtrap. One day later or so, about half the scanners get them, but not ClamAV. Usually ClamAV catches up a bit on the Office files several days later, but still fails on zip files containing JS malware.

So I wonder if it would be of any help if there was a way of automatically mass-submitting the attachments I get on my spamtrap. I could pre-scan them to only submit those which scan negative.

Kind regards
-Benoît Panizzon-
--
I m p r o W a r e A G - Head of Commerce Customers
Zurlindenstrasse 29    Tel +41 61 826 93 00
CH-4133 Pratteln       Fax +41 61 826 93 01
Switzerland            Web http://www.imp.ch
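The attachment-hash DNSBL check described in the message above, as an added example that is not part of the original post or the poster's own code. The zone name `attach-bl.example`, the function names and the sample bytes are assumptions, and an in-memory set stands in for the DNS zone so the example runs offline.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

ZONE = "attach-bl.example"  # hypothetical DNSBL zone, not named in the post

def attachment_md5s(raw: bytes) -> dict:
    """Return {filename: md5 hex} for every attachment in a raw message."""
    out = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name is None:  # multipart containers and body text carry no filename
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64/QP encoding
        out[name] = hashlib.md5(payload).hexdigest()
    return out

def query_name(md5_hex: str, zone: str = ZONE) -> str:
    """DNS name a mail server would look up for this attachment hash."""
    return f"{md5_hex}.{zone}"

def build_mail(filename: str, data: bytes) -> bytes:
    """Construct a sample message with one attachment (test data only)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "trap@example.net", "Invoice"
    m.set_content("See attachment.")
    m.add_attachment(data, maintype="application", subtype="zip", filename=filename)
    return m.as_bytes()

# Constructed samples: the bytes the spamtrap saw, and a variant one byte apart.
SEEN = b"PK\x03\x04 constructed sample body 0001"
VARIANT = b"PK\x03\x04 constructed sample body 0002"

# Spamtrap side: publish one name per attachment hash (stand-in for the zone).
trap_hashes = attachment_md5s(build_mail("invoice.zip", SEEN))
LISTED = {query_name(h) for h in trap_hashes.values()}

def verdict(raw: bytes) -> dict:
    """Mail server side: map each attachment filename to True if it is listed."""
    return {n: query_name(h) in LISTED for n, h in attachment_md5s(raw).items()}

if __name__ == "__main__":
    print(verdict(build_mail("invoice.zip", SEEN)))     # exact copy is blocked
    print(verdict(build_mail("invoice.zip", VARIANT)))  # one-byte variant is missed
```

The second result shows the limitation the message reports: an exact-hash list only matches byte-identical attachments, so samples that differ per message are not caught.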