Password protection requires a little bit of typing, which gives the victim a
little more time to think, and possibly just enough time to do the right
thing. Virus writers just want dumb users who click, click, click as fast as
possible, until it's too late.
...Chris
> Groach wrote:
> I guess
This is too true. But is it possible that over time Virus Total/ClamAV results
get so good that black hats give up? Sadly, seems to be an argument in favor of
closed source.
...Chris
>
> Probably worth pointing out that the black hats have an excellent tool at
> their disposal to test their
Wow groach, no punches pulled! I have submitted more than 200 virus samples
(and confirmed on VT) since January 2015. The majority are still undetected by
native ClamAV. I can provide more precise numbers and details on Monday when I
get back to my quarantine server, if it is actually helpful
I guess it all depends on what you want from AV. I hope for 0 day email
detection. If my customsig or ClamAV official DB detect the virus in the
days and weeks AFTER the virus hit my inbox then I've already lost. I
never do full system file scans with ClamAV. I want incoming email
detection.
S
Hmm, that's strange. I have noted exactly the opposite behavior. My
customsig.ndb sigs only get applied after official ClamAV detection has run.
I know this because I am always watching for my UNOFFICIAL FOUNDs to be
replaced by official ones and I then delete the related sig from my customsi
>
> Obviously going to disagree. We are pushing almost a thousand pieces of
> detection every four hours now, and that will only increase from here.
>
1,000,000 unique submissions per day vs. 6000 "pieces of detection" per day.
If that is "apples" to "apples" then I'd have to say ClamAV is lo
>> My 2 cents would be that rapid traditional signature updates are not a
>> viable solution to this long term problem.
>> I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc.
>> ransomware is generated using millions of tiny mutations so that almost
>> every email attachment h
Hi Michael and Michael,
You may want to look at sanesecurity[.]org. They have a supplemental ClamAV
database that is supposed to be better at detecting the current scourge of
ransomware and malware. It was recommended to me when I noted that ClamAV
seems to miss a LOT of the current malware, b
My 2 cents would be that rapid traditional signature updates are not a viable
solution to this long term problem. I'm pretty sure the current generation of
Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny
mutations so that almost every email attachment has a unique si
Ah, okay. A bug could explain a lack of notifications.
Must one ALSO be subscribed to the clamav-virusdb mailing list in order to
receive notifications?
thanks,
Chris
> Understood, hence the second part of my statement in my email:
>
> "We have a bug open with our team to check and see what the
tions in the choice of wording.
...Chris
> You must join the clamav-virusdb list in order to be notified. Did you do
> that?
> <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb>
> -Al-
>>On Thu, May 05, 2016 at 06:06 AM, C.D. Cochrane wrote:
>>
Hi,
I have been submitting virus samples for several months now and I always check
the "Notify Me" box on the submission page at clamav.net/reports/malware. I
have not received any notification. So, I am wondering (1) if my samples are
actually being received or (2) if "Notify Me" is not being
It just appears from reading this list that any FP on a non-standard use of the
product (not email attachment) gets a high priority among the ClamAV team. One
would think that non-standard FPs would be pushed way down on the to-do list.
If they are getting 1 million virus reports per day, then
Hi, I am the new guy here so please forgive my ignorance :) But "ClamAV is the
open source standard for mail gateway scanning software" It sure seems like a
lot of people are getting hot about FPs on files that are NOT received as
emails? I keep seeing log files, samba distributions and full
Thank you all for sharing Linux distribution and clamav source build options.
I probably should have kept my "whine" to myself :) There are always at least
5 ways to get the job done with Linux. Just have to find the one that works
best for my server.
...Chris
>> And I am guessing my Linux
And I am guessing my Linux distro will not just seamlessly move on to 0.99 by
itself with an "apt-get update".
Sent: Friday, March 25, 2016 at 11:00 PM
From: "Joel Esler (jesler)"
To: "ClamAV users ML"
Subject: Re: [clamav-users] Locky Dridex plan
Generally this means that we just won't reg
Hi,
I receive a Locky-ransomware variant almost every day as an email attachment.
So far ClamAV has failed to detect it. Each file has had a unique signature.
Does ClamAV have a detection plan and/or work in progress that will start to
detect future variants of this?
thanks,
Chris
___
Hi,
I used to receive an email acknowledging my submission of a virus file to
clamav.net. For the past 3 days I have submitted new virus files, but not
received any email confirmation. Is this new policy, or a symptom of a system
that is overwhelmed?
___
Thank you all for the replies. Just wanted to make sure my approach was
logical, and VT is a reliable reference point for clamav comparison scanning.
"millions of samples" received daily, wow! But how many are unique? Or,
putting on my "pretend bad guy" hat - if I was a virus writer I would
Hi,
Over the last 2 months of use I have collected and submitted 20+ virus
attachments to clamav. I always check the files on virustotal dot com before
submitting to clamav. To date, only one of the files is detected by clamav as a
virus on virustotal (and on my server), while other vendor detec