The one thing that we do know is that you shouldn't have expectations of
ClamAV to be effective for Zero Hour, or even Zero Day (or some could
argue more), and you really shouldn't expect such immediate
response or effectiveness. (They will have their reasons - team size,
technology, reliance on public etc.) To give you a realistic idea - a
recent FP I had and reported (involving marking a shed load of PDFs
that go back several years, long before the supposed threat was even
invented) took 4 days to be removed after being reported.

For more immediate effectiveness then, yes, you should be relying on
Sane (or others).

Any 24-hour released threats have (for my system) always been detected by
Sane (I rarely get Clam detecting anything as the threat has since been
detected by Sane and removed, or the threat is no longer prevalent, by
the time matching ClamAV sigs get released).

You asked about expectation and requirements to rely on Sane: I believe
the above is the answer giving a true reflection of the facts from my
experience.

On 31/08/2018 03:34, Alex wrote:
Hi,
I submitted a false-negative about six hours ago and it hasn't yet
been detected and still seeing them being received. I don't want to
post it here to further enable the scammers, but this is the
virustotal entry:
https://www.virustotal.com/#/file/ef65f07bf10746665d308e147a6a86329c169e1ac86e7e414ae5a809210775c1/detection
A dozen other antivirus vendors are blocking them now - why not
clamav? How does the process of adding new signatures work? Is there a
staff of people working on this or something less?
I realize it's free, and I'm not complaining - just want to know what
I should expect. We've also contributed to Steve's effort at Sane, but
should we be relying on him?
Thanks,
Alex
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml