Am 20.11.2017 um 16:01 schrieb Peter Geerts:
As far as I understand : files that are uploaded to a website/CMS system
are offered/delegated to clamav for checking.
Can you elaborate on the sanesecurity link because I have been at their
site but didn't find anything that could help me for this specific
scenario.
you don't want any scripts uploaded on a website by foreigners at all
http://sanesecurity.com/usage/signatures/
http://sanesecurity.com/foxhole-databases/
sorry, but nobody can read the signature descriptions for you and sql
injection has nothing to do with clamav / file-uploads at all - here you
go: https://www.modsecurity.org/
if you think you can just eaisly secure a webserver with some clicks and
install some stuff you are wrong - invest the time to do your homework
or hire somebody - seriously!
2017-11-20 15:56 GMT+01:00 Reindl Harald <[email protected]>:
Am 20.11.2017 um 15:48 schrieb Peter Geerts:
Perhaps this has been raised earlier but as a newbie I have a question
regarding Clamav capabilities in this area.
We currently already run a 99.2 version on Red Hat which does a lot of
virus checking already but malicious (script) code is not detected.
If this is at all possible I would like to receive pointers on how to
configure this , if not we will have to look at another product most
likely
there is no single yes/no answer because it all depends on your usecase -
a inbound mailserver using clamd for scoring combined with SpamAssassin has
different filters than a unconditional clamav-milter or clamav running on a
workstation
in any case without http://sanesecurity.com/ clamav has poor rates at all
but you need to consider wisely which signatures macth your usecase
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
