I've had to exempt 4 MBL sigs in 24 hours. Where's the QC?
I'm on a knife edge about just dropping MBL.
From: clamav-users on behalf of Alex
Sent: Friday, April 27, 2018 8:22:05 PM
To: ClamAV users ML
Subject: [clamav-users] Malwarepatrol false positives
Hi,
Hi,
Getting hits today on this entry in daily.cld.
[root@smtp1 clamav]# sigtool --find-sigs Ppt.Exploit.CVE_2017_0199-6336815-1|sigtool --decode-sigs
VIRUS NAME: Ppt.Exploit.CVE_2017_0199-6336815-1
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
schemas.openxmlformats.org/officedocument{WILDC
>Does anyone think it's reasonable/acceptable to block all macros in
>any sizable organization?
Yes.
We are 2-4 million messages/day, dunno if that is "sizable" to you.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clam
On 10/06/2014 08:32 AM, Webmaster wrote:
On Monday, 6 October 2014, 10:05:11, Alain Zidouemba wrote:
If you think it needs to be quicker, then maybe you could volunteer your
time to help with the analysis (I'm not sure how you'd go about this)
Or use this :
https://securiteinfo.com/services/c
so I suggest taking a look at Sanesecurity
<http://sanesecurity.com> to see if they have what you need.
Steve runs things there and subscribes to this list so will probably have some
more specific knowledge.
-Al-
On Sat, Jun 14, 2014 at 12:56 AM, Vincent Fox wrote:
Hi,
We use ClamAV,
Hi,
We use ClamAV, and I have noticed a certain class of spam hitting us lately
that has VERY long final lines of garbage text.
The reason I noticed it was the length exceeds 2048 characters, which trips
a problem in POP3 client downloads.
Anyhow is there any signature that can be used to score
On 4/8/2014 8:12 PM, Carl Brewer wrote:
On 13/02/2014 8:48 PM, Sim wrote:
Hello!
In the last weeks/months the unrecognized viruses are increasing
exponentially
(not only for ClamAV but for all antivirus).
My idea is "block" all EXE/SRC (also into ZIP/RAR).
Executing "clamscan --debug filename"
Comment about this feature, which I've never turned on before.
I flipped it on, for a single mail router in a pool of 9. Over the course of a day
and MANY messages, it tripped for only 4 messages, all of which seem legit.
So I'm turning it back off.
On 8/14/2013 7:58 AM, G.W. Haywood wrote:
Hi there,
On Wed, 14 Aug 2013, Vincent Fox wrote:
Re: clamd taking too long to restart?
Previously I was using a short list of signatures and startup time of 30
seconds which was acceptable. Well it didn't get noticed much.
However recently I
On 8/13/2013 9:46 PM, Matt Olney wrote:
OK...I'll do some testing tomorrow and see if we can't come up with some
information for you.
Mainly I want MX pool heavy on signatures. I tested shorter list on
SMTP pool:
ss_dbs="
blurl.ndb
bofhland_malware_URL.ndb
bofhland_phishing_URL.ndb
On 8/13/2013 8:49 PM, Matt Olney wrote:
So what qualifies as a kitchen sink-load?
Most everything that SaneSecurity hosts that is low or medium risk:
ss_dbs="
blurl.ndb
bofhland_cracked_URL.ndb
bofhland_malware_URL.ndb
bofhland_phishing_URL.ndb
bofhland_malware_attach.hdb
Hi,
Previously I was using a short list of signatures and startup time of 30
seconds
which was acceptable. Well it didn't get noticed much.
However recently I added a kitchen sink of extra databases like winnow etc.
Now startup time is 2.5 minutes, which becomes noticeable.
Any way to amelio
Found the answer to part of my question with:
clamconf -n
I still have a problem that previous admin was downloading
lots of unofficial signatures, to a place that clamd isn't paying
any attention to. Working on that part.
Thanks!
On 07/26/2013 12:44 PM, Vincent Fox wrote:
Hi,
I
Hi,
I've been puzzling over a ClamAV installation I was handed.
Is there an easy way to verify which signatures are being loaded/used?
It's not clear to me, where you go to enable/disable signatures.
I see quite a lot of signatures being downloaded by freshclam and/or
the unofficial-sigs.sh job
On 2/11/2011 8:31 AM, Jan-Pieter Cornet wrote:
On the other hand, since you haven't updated ClamAV in over a year, leading to
(significantly) decreased detection, maybe the scanning of email isn't top
priority, and your mail scanning engine needs to fall back to letting mail
through on scan err