On 29.12.2016 at 10:21, Reindl Harald wrote:
On 29.12.2016 at 03:54, Al Varnell wrote:
Over 11,000 of them were dropped several days ago, but a few were
added at the same time. I have no idea what the status of those new
ones are and maybe I've lost track, but I believe only one of the new
ones has been brought up here.

Since all signatures are put through their QA process before release,
I'm not clear on what it is you are proposing.

probably that the QA process is not working the last 2 months?

state of the official signatures is that clamav doesn't catch many real
malware all over the time without sanesecurity 3rd party signatures and
the official

cat clamscan.log | grep FOUND | wc -l
5267

cat clamscan.log | grep FOUND | grep UNOFFICIAL | wc -l
4281

i bet the 25% would have been caught by sanesecurity sigs too

these are 99.9% false positives and hence only scored

cat clamscan.log | grep FOUND | grep "Heuristics.Phishing.Email.SSL-Spoof" | wc -l
662

these are not signatures and only scored

cat clamscan.log | grep FOUND | grep "Heuristics.OLE2.ContainsMacros" | wc -l
225

given how much memory the instance with the official signatures i am going so far to say that i would love to be able to *completely* exclude "daily.cld", "daily.cvd" and "main.cvd" and only update "safebrowsing.cvd" and just keep the few sanesecurity signatures in the clamd-instance which is allowed to reject directly via milter

[root@mail-gw:~]$ ls /var/lib/clamav
insgesamt 210M
-rw-r--r-- 1 clamupdate clamupdate 75K 2016-12-28 12:53 foxhole_filename.cdb
-rw-r--r-- 1 clamupdate clamupdate  44K 2016-06-28 09:58 foxhole_generic.cdb
-rw-r--r-- 1 clamupdate clamupdate 4,1K 2016-06-18 16:55 thelounge_blocked_extensions.cdb
-rw-r--r-- 1 clamupdate clamupdate  79M 2016-12-29 09:25 daily.cld
-rw-r--r-- 1 clamupdate clamupdate  85K 2016-07-04 14:30 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate  26M 2016-12-18 01:25 daily.cvd
-rw-r--r-- 1 clamupdate clamupdate 105M 2016-07-04 14:29 main.cvd
-rw-r--r-- 1 clamupdate clamupdate  11K 2016-10-18 15:56 sanesecurity.ftm
-rw-r--r-- 1 clamupdate clamupdate 103K 2016-12-29 09:47 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamupdate clamupdate   82 2016-07-13 21:44 crdfam.clamav.hdb
-rw-r--r-- 1 clamupdate clamupdate  14K 2016-12-22 10:51 rogue.hdb
-rw-r--r-- 1 clamupdate clamupdate 86K 2016-12-29 09:45 winnow_extended_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate 264K 2016-12-29 09:45 winnow_malware.hdb
-rw-r--r-- 1 clamupdate clamupdate  48K 2015-08-05 09:24 hackingteam.hsb
-rw-r--r-- 1 clamupdate clamupdate  15K 2016-08-10 15:06 malwarehash.hsb
-rw-r--r-- 1 clamupdate clamupdate  16K 2016-12-29 09:46 porcupine.hsb
-rw-r--r-- 1 clamupdate clamupdate 6,7K 2016-11-25 09:56 sigwhitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate 196 2016-08-10 09:57 thelounge_whitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate  56K 2016-12-27 20:39 badmacro.ndb
-rw-r--r-- 1 clamupdate clamupdate  59K 2016-12-29 09:52 blurl.ndb
-rw-r--r-- 1 clamupdate clamupdate 1012 2016-12-29 09:47 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 337K 2016-12-29 09:46 porcupine.ndb
-rw-r--r-- 1 clamupdate clamupdate 61 2016-10-10 19:47 thelounge_custom_sigs.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,3M 2016-12-29 09:45 winnow_malware_links.ndb

[root@mail-gw:~]$ ls /var/lib/clamav-spam/
insgesamt 77M
-rw-r--r-- 1 clamupdate clamupdate 9,1K 2016-11-28 16:00 foxhole_all.cdb
-rw-r--r-- 1 clamupdate clamupdate 2,7K 2016-12-06 09:52 foxhole_js.cdb
-rw-r--r-- 1 clamupdate clamupdate 5,7K 2016-06-18 16:55 thelounge_tagged_extensions.cdb
-rw-r--r-- 1 clamupdate clamupdate  85K 2016-07-04 14:30 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate  43M 2016-11-04 18:27 safebrowsing.cvd
-rw-r--r-- 1 clamupdate clamupdate  11K 2016-10-18 15:56 sanesecurity.ftm
-rw-r--r-- 1 clamupdate clamupdate 1,3K 2016-12-12 16:53 spamattach.hdb
-rw-r--r-- 1 clamupdate clamupdate 6,0K 2016-12-08 10:53 spamimg.hdb
-rw-r--r-- 1 clamupdate clamupdate 515K 2016-12-29 09:45 winnow.attachments.hdb
-rw-r--r-- 1 clamupdate clamupdate   66 2016-12-29 09:45 winnow_bad_cw.hdb
-rw-r--r-- 1 clamupdate clamupdate 6,7K 2016-11-25 09:56 sigwhitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate 196 2016-08-10 09:57 thelounge_whitelist.ign2
-rw-r--r-- 1 clamupdate clamupdate 1011 2016-11-29 17:56 shelter.ldb
-rw-r--r-- 1 clamupdate clamupdate  556 2016-10-06 15:53 spam.ldb
-rw-r--r-- 1 clamupdate clamupdate 660 2016-12-29 09:45 winnow.complex.patterns.ldb
-rw-r--r-- 1 clamupdate clamupdate  59K 2016-12-29 09:52 blurl.ndb
-rw-r--r-- 1 clamupdate clamupdate 656 2016-12-29 09:47 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 1012 2016-12-29 09:47 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 2,2K 2016-12-29 09:47 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamupdate clamupdate 5,7K 2016-11-21 09:55 foxhole_all.ndb
-rw-r--r-- 1 clamupdate clamupdate  230 2016-11-21 09:55 foxhole_js.ndb
-rw-r--r-- 1 clamupdate clamupdate 6,5M 2016-12-20 16:53 junk.ndb
-rw-r--r-- 1 clamupdate clamupdate 228K 2016-12-29 09:52 jurlbla.ndb
-rw-r--r-- 1 clamupdate clamupdate 196K 2016-12-29 09:52 jurlbl.ndb
-rw-r--r-- 1 clamupdate clamupdate 240K 2016-07-29 18:20 lott.ndb
-rw-r--r-- 1 clamupdate clamupdate 3,8M 2016-12-28 12:53 phish.ndb
-rw-r--r-- 1 clamupdate clamupdate 3,5M 2016-12-29 09:46 phishtank.ndb
-rw-r--r-- 1 clamupdate clamupdate  14M 2016-12-29 09:45 scamnailer.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,8M 2016-11-28 16:24 scam.ndb
-rw-r--r-- 1 clamupdate clamupdate  49K 2016-12-28 19:52 spearl.ndb
-rw-r--r-- 1 clamupdate clamupdate 2,0M 2016-12-28 19:48 spear.ndb
-rw-r--r-- 1 clamupdate clamupdate 61 2016-10-10 19:47 thelounge_custom_sigs.ndb
-rw-r--r-- 1 clamupdate clamupdate 159 2016-12-29 09:45 winnow_extended_malware_links.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,3M 2016-12-29 09:45 winnow_malware_links.ndb
-rw-r--r-- 1 clamupdate clamupdate 297K 2016-12-29 09:45 winnow_phish_complete.ndb
-rw-r--r-- 1 clamupdate clamupdate 165K 2016-12-29 09:45 winnow_spam_complete.ndb
-rw-r--r-- 1 clamupdate clamupdate 1,5K 2015-07-01 14:54 Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamupdate clamupdate 1,3K 2016-02-22 13:21 Sanesecurity_spam.yara
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
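
The per-source counts from the grep pipelines in the message above can be taken in one pass, with each detection landing in exactly one bucket (third-party UNOFFICIAL, Heuristics, or official signature). This is an added example, not part of the original post; the log line shape `<path>: <signature> FOUND` and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: one-pass tally of clamscan "FOUND" lines by signature source.
# Assumption: log lines look like "<path>: <SignatureName> FOUND".

tally_found() {
    # Reads a clamscan log from the given file(s) or stdin.
    # Prints "bucket count" lines, then a per-name breakdown of heuristics.
    awk '
        / FOUND$/ {
            sig = $(NF - 1)                  # signature name precedes FOUND
            total++
            if (sig ~ /\.UNOFFICIAL$/)       unofficial++      # 3rd-party sigs
            else if (sig ~ /^Heuristics\./) { heur++; per[sig]++ }
            else                             official++        # official sigs
        }
        END {
            printf "total %d\n", total
            printf "unofficial %d\n", unofficial
            printf "heuristics %d\n", heur
            printf "official %d\n", official
            for (s in per) printf "heuristic:%s %d\n", s, per[s]
        }
    ' "$@"
}

# Constructed sample log (paths and signature names are made up).
sample_log() {
    cat <<'EOF'
/var/spool/scan/msg-0001.eml: Sanesecurity.Junk.54321.UNOFFICIAL FOUND
/var/spool/scan/msg-0002.eml: winnow.malware.example.UNOFFICIAL FOUND
/var/spool/scan/msg-0003.eml: Heuristics.Phishing.Email.SSL-Spoof FOUND
/var/spool/scan/msg-0004.eml: Heuristics.OLE2.ContainsMacros FOUND
/var/spool/scan/msg-0005.eml: Heuristics.Phishing.Email.SSL-Spoof FOUND
/var/spool/scan/msg-0006.eml: Win.Trojan.Example-1 FOUND
/var/spool/scan/msg-0007.eml: OK
EOF
}

sample_log | tally_found
```

Run against a real log with `tally_found clamscan.log`; the "official" bucket then excludes heuristic hits, which the plain `grep FOUND` minus `grep UNOFFICIAL` difference does not.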

