Hi there,

On Thu, 30 May 2019, WagdeZ wrote:

> Using clamav... Is there any way to find out what is the risk level (score/priority/...) of the detected virus/malware?

The question is rather vague. In many cases the signature name gives some sort of clue to what the signature is about, so if you have a grasp of the infrastructure that you're dealing with (if you don't - get one, quick) you can get a feel for the relevance to you in your specific situation. This is part of the risk assessment that only you, with your very particular knowledge of your situation, can make.

For example, if I were to see an incoming mail message flagged with Win.Exploit.CVE_2019_0758-6968262-1 it wouldn't have me on the edge of my seat because I don't operate any Windows boxes. There's no risk to any of my equipment from an exploit that can only attack a Windows operating system, although obviously I'd want to understand the reason for the detection before I forwarded the message to anyone else. I'd also want to know why the message got as far as it did through the chain of defences, because I haven't seen a mail message trigger a detection since last September and that's the way I like things to be. Peaceful. Nothing to keep me awake at night.

Increasingly commonly, successful attacks employ many vulnerabilities rather than a single one. Often these multiple vulnerabilities are perceived as "low risk" individually, but when they're all brought together by a competent attacker the result is a complete compromise of the network. Misery.

Any single detected threat is one too many.

--

73,
Ged.
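
Added example, not part of the original message and not ClamAV's own code: a sketch of the "signature name gives a clue" triage described above. It assumes detections arrive as clamscan-style `path: Name FOUND` lines and that official names follow ClamAV's documented `{platform}.{category}.{name}-{signature id}-{revision}` form; the `LOCAL_PLATFORMS` inventory and every sample line except the signature name quoted in the message are constructed.

```python
import re

# ClamAV's documented naming convention for official signatures:
#   {platform}.{category}.{name}-{signature id}-{revision}
SIG_RE = re.compile(r"^(?P<platform>[^.]+)\.(?P<category>[^.]+)\.(?P<name>.+)-(?P<sig_id>\d+)-(?P<rev>\d+)$")
CVE_RE = re.compile(r"CVE[_-](\d{4})[_-](\d+)", re.IGNORECASE)
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumption: platform prefixes relevant to *this* site. Edit to match your estate.
LOCAL_PLATFORMS = {"Unix", "Email", "Html", "Pdf"}


def parse_signature(sig):
    """Split a signature name into its fields; None if it does not follow the convention."""
    m = SIG_RE.match(sig)
    if not m:
        return None
    info = m.groupdict()
    cve = CVE_RE.search(info["name"])
    info["cve"] = f"CVE-{cve.group(1)}-{cve.group(2)}" if cve else None
    return info


def triage(lines, local_platforms=LOCAL_PLATFORMS):
    """Annotate every detection in scan output. Nothing is dropped: each hit gets a note."""
    out = []
    for line in lines:
        m = FOUND_RE.match(line.strip())
        if not m:
            continue  # "OK" lines and summary text
        info = parse_signature(m["sig"])
        if info is None:
            note = "name not in standard form: review by hand"
        elif info["platform"] in local_platforms:
            note = "targets a platform we run: investigate now"
        else:
            note = "platform not in inventory: find out how it got this far"
        out.append({"path": m["path"], "signature": m["sig"], "info": info, "note": note})
    return out


# Constructed sample output, not real scan results (paths and last two names are made up).
SAMPLE = [
    "/var/spool/mail/a.eml: Win.Exploit.CVE_2019_0758-6968262-1 FOUND",
    "/srv/upload/b.bin: Unix.Trojan.Example-1234567-0 FOUND",
    "/srv/upload/c.doc: Example.Vendor.Name.UNOFFICIAL FOUND",
    "/srv/upload/d.txt: OK",
]
```

Calling `triage(SAMPLE)` returns three annotated detections; the note is only a sorting aid for the site-specific risk assessment, and every hit stays in the output.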