What amount of samples are we talking? Do you want to submit whole spam or just the attachments?
--
Sent from my iPhone

> On Dec 2, 2016, at 5:46 AM, Benoit Panizzon <benoit.paniz...@imp.ch> wrote:
>
> Hello ClamAvers!
>
> I work at an ISP and we operate a large email infrastructure. We use
> ClamAV as our mail virus scanner.
>
> At the moment we face a lot of docx, xlsx and zip files containing
> malware which is not recognized by ClamAV.
>
> I operate a spamtrap to feed the SWINOG Blacklist. So to mitigate the
> problem a bit, I started extracting attachments with the spamtrap and
> push the MD5 hashes to a DNS based blacklist, which then is queried
> from the mailserver infrastructure to block attachments which have
> been seen by the spamtrap.
>
> This helps a bit, but only a bit. I see that certain types of malware
> more or less constantly generated different MD5 checksums.
>
> I started submitting samples to virustotal and mostly only very few
> scanners recognized them in the minutes after hitting my spamtrap. One
> day later or so, about half the scanners get them, but not ClamAV.
> Usually ClamAV catches up a bit on the Office Files several days later,
> but still fails on Zip Files containing js malware.
>
> So I wonder if it would be of any help, if there was a way of
> automatically mass submit the attachments I get on my spamtrap. I
> could pre-scan them to only submit those which scan negative.
>
> Kind regards
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G    -    Head of Commerce Customers
> ______________________________________________________
>
> Zurlindenstrasse 29             Tel  +41 61 826 93 00
> CH-4133 Pratteln                Fax  +41 61 826 93 01
> Switzerland                     Web  http://www.imp.ch
> ______________________________________________________
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
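
The attachment-hash blocklist described in the quoted message, as an added example that is not code from either poster: it extracts attachments from a message, hashes them with MD5 and checks the resulting DNSBL name. The zone name, the `<md5>.<zone>` query format and the sample messages are assumptions constructed for illustration, and a set stands in for the DNS lookup so the example runs offline.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

ZONE = "atthash.example.invalid"  # hypothetical zone name, not from the thread


def attachment_md5s(raw: bytes) -> dict:
    """Return {filename: md5 hex digest} for each attachment in a raw message."""
    msg = message_from_bytes(raw, policy=default)
    digests = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # undo base64 transfer encoding
        digests[part.get_filename() or "unnamed"] = hashlib.md5(payload).hexdigest()
    return digests


def dnsbl_name(md5hex: str, zone: str = ZONE) -> str:
    """Name the mail server would look up (assumed format: <md5>.<zone>)."""
    return f"{md5hex}.{zone}"


def verdicts(raw: bytes, listed: set) -> dict:
    """Map each attachment to True if its DNSBL name is listed.

    `listed` replaces the resolver here; in production a successful A-record
    lookup would mean listed and NXDOMAIN would mean not listed.
    """
    return {name: dnsbl_name(h) in listed for name, h in attachment_md5s(raw).items()}


def build_sample(payload: bytes) -> bytes:
    """Constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "trap@example.invalid"
    m["Subject"] = "invoice"
    m.set_content("see attached")
    m.add_attachment(payload, maintype="application", subtype="zip",
                     filename="invoice.zip")
    return m.as_bytes()


# Constructed, harmless payloads: SEEN hit the spamtrap, VARIANT differs by one byte.
SEEN = build_sample(b"PK\x03\x04 constructed sample A")
VARIANT = build_sample(b"PK\x03\x04 constructed sample B")
LISTED = {dnsbl_name(h) for h in attachment_md5s(SEEN).values()}

if __name__ == "__main__":
    print("seen   :", verdicts(SEEN, LISTED))
    print("variant:", verdicts(VARIANT, LISTED))
```

The one-byte variant is not listed, which is the limitation the quoted message reports for malware that keeps producing different MD5 checksums.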