On 30/05/2016 19:40, Dennis Peterson wrote:
That explains Facebook's popularity.
Talking of the scourge of the earth.
On 5/30/16 10:04 AM, C.D. Cochrane wrote:
Password protection requires a little bit of typing, which gives the victim a
little more time to think,
and possibly just enough time to do the right thing. Virus writers just want
dumb users who click,
click, click as fast as possible, until it's too
Password protection requires a little bit of typing, which gives the victim a
little more time to think,
and possibly just enough time to do the right thing. Virus writers just want
dumb users who click,
click, click as fast as possible, until it's too late.
...Chris
> Groach wrote:
> I guess
Users are so trained to not open those now, they are defeated, plus conviction
of the file is pretty easy generically.
The ones going around right now with the JavaScript inside of zip files are
much more dynamic.
--
Joel Esler
iPhone
On May 30, 2016, at 11:17 AM, Groach
mailto:groachmail-sto
Haven't seen those in a couple years. They were big in the late 90's.
--
Joel Esler
iPhone
On May 30, 2016, at 10:21 AM, Kris Deugau
<kdeu...@vianet.ca> wrote:
Groach wrote:
As a side note: is anyone surprised a virus hasn't been released,
embedded in a 'password protected' Zip file (
Groach wrote:
> As a side note: is anyone surprised a virus hasn't been released,
> embedded in a 'password protected' Zip file (to fool AV scans) with the
> body of the email saying something like "to fight against viruses and
> to protect you, it is password protected. Your password is: ABC12
> On 29 May 2016, at 2:12 AM, Groach
> wrote:
>
> But with SANE DEFINITIONS:
>
> --- SCAN SUMMARY ---
> Known viruses: 4512349
> Engine version: 0.99.1
> Scanned directories: 0
> Scanned files: 24
> **Infected files: 23**
>
> Data scanned: 3.92 MB
> Data read: 1.48 MB (ratio 2
On 29/05/16 10:22, Groach wrote:
On 29/05/2016 10:19, kristen R wrote:
It should be obvious although not mentioned that everyone who uses
clamav is your fan club. I am a fan.
I also believe that clamav is an open source project? So if someone
doesn't like this product then they might submit
This is too true. But is it possible that over time Virus Total/ClamAV results
get
so good that black hats give up? Sadly, seems to be an argument in favor of
closed source.
...Chris
>
> Probably worth pointing out that the black hats have an excellent tool at
> their
> disposal to test their
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 5/28/16 6:46 PM, Joel Esler (jesler) wrote:
> A. I wish I had a fan club B. Thank you for your input. C.
> We'll do better.
>
> -- Joel Esler Manager, Talos Group
It should be obvious although not mentioned that everyone who uses
clamav is your
Probably worth pointing out that the black hats have an excellent tool at their
disposal to test their day zero viruses and that would be Virus Total which
happens to use ClamAV among others. It's not a fair fight when we give them the
means to defeat us.
dp
On 5/28/16 7:46 PM, Joel Esler (j
A. I wish I had a fan club
B. Thank you for your input.
C. We'll do better.
--
Joel Esler
Manager, Talos Group
Sent from my iPad
On May 28, 2016, at 7:37 PM, Groach
<groachmail-stopspammin...@yahoo.com>
wrote:
Ooh, Joel, I'm going to enjoy replying to this one...
On 28/05/2016 2
tated pretty
clearly. It really does not matter whether ClamAV adds the item 2 days later
or 2 years later. They already got through.
...Chris
> Sent: Saturday, May 28, 2016 at 7:36 PM
> From: Groach
> To: "ClamAV users ML"
> Subject: Re: [clamav-users] ClamAV+exim:
To be honest right now, I'm interested in threats coming out more recently.
While yes, your concern is valid, I'd like to hear from someone with a more
recent test set.
--
Joel Esler
iPhone
On May 28, 2016, at 12:13 PM, Groach
<groachmail-stopspammin...@yahoo.com>
wrote:
24 files, AL
Hello Joel,
On Sat, 28 May 2016, Joel Esler wrote:
So our recent improvements and detection have not produced any
different result in the field?
If you're asking me, I think you're asking the wrong person. As I
explained in my October 2014 message, I filter out the vast majority
of the cr@p
Are these true viruses or otherwise harmful (and if so how is that known) or
does the list include messages that are unwanted junk mail? If junk mail, which
is subjective, there will always be differences between vendor signatures
because nobody agrees about what is and is not junk mail.
dp
O
24 files, ALL OF THEM are viruses of some sort or another (including 1
which is the eicar test virus).
ClamAV database:
--- SCAN SUMMARY ---
Known viruses: 4397481
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 24
**Infected files: 10**
Data scanned: 5.27 MB
Data
I have several viruses on file that I have accumulated over the last two years
or so. I will do a test to see which ones are detected and I will post the
results here.
On 28 May 2016 17:03:22 CEST, "Joel Esler (jesler)" wrote:
>So our recent improvements and detection have not produced any
>dif
So our recent improvements and detection have not produced any different result
in the field?
Sent from my Apple Watch
On May 28, 2016, at 10:01 AM, G.W. Haywood wrote:
> Hi there,
>
> On Mon, 23 May 2016, C.D. Cochrane wrote:
>
>> ... ClamAV is just ...
>
> and on Mon, 23 May 2016, Joel Es
Hi there,
On Mon, 23 May 2016, C.D. Cochrane wrote:
... ClamAV is just ...
and on Mon, 23 May 2016, Joel Esler wrote:
Obviously going to disagree. ...
I'll disagree too, since ClamAV here sees approximately one virus per
annum (and as far as I'm concerned, whether or not ClamAV detects th
Hello everyone,
Am 23.05.2016 um 15:33 schrieb Michael D. L.:
On 05/23/2016 02:44 PM, C.D. Cochrane wrote:
You may want to look at sanesecurity[.]org. They have a supplemental
ClamAV database that
is supposed to be better at detecting the current scourge of
ransomware and malware. It
was rec
On Monday 23 May 2016 14:15:44 C.D. Cochrane wrote:
> > Obviously going to disagree. We are pushing almost a thousand pieces
> > of detection every four hours now, and that will only increase from
> > here.
>
> 1,000,000 unique submissions per day vs. 6000 "pieces of detection"
> per day. If that
On 23/05/2016 21:21, Joel Esler wrote:
On Mon, May 23, 2016 at 08:56:57PM +0200, Groach wrote:
On 23/05/2016 20:39, Dave McMurtrie wrote:
On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
ClamAV is fast, free, easy to integrate with just about any MTA and
it's actively developed. We've
On Mon, May 23, 2016 at 08:56:57PM +0200, Groach wrote:
On 23/05/2016 20:39, Dave McMurtrie wrote:
On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
ClamAV is fast, free, easy to integrate with just about any MTA and
it's actively developed. We've been running it for years, along with
th
On Mon, May 23, 2016 at 06:39:41PM +, Dave McMurtrie wrote:
On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
>> My 2 cents would be that rapid traditional signature updates are not a
viable solution to this long term problem.
>> I'm pretty sure the current generation of Locky, Dridex
On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
> >> My 2 cents would be that rapid traditional signature updates are not a
> >> viable solution to this long term problem.
> >> I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc.
> >> ransomware is generated using millio
Every AV is losing. That’s why we’re working on alternative things at the
same time.
--
Joel Esler
Manager, Talos Group
On May 23, 2016, at 2:15 PM, C.D. Cochrane
<c...@post.com> wrote:
Obviously going to disagree. We are pushing almost a thousand pieces of
detection
every four
>
> Obviously going to disagree. We are pushing almost a thousand pieces of
> detection
> every four hours now, and that will only increase from here.
>
1,000,000 unique submissions per day vs. 6000 "pieces of detection" per day.
If that is
"apples" to "apples" then I'd have to say ClamAV is lo
--
Joel Esler
Manager, Talos Group
On May 23, 2016, at 1:52 PM, C.D. Cochrane
<c...@post.com> wrote:
My 2 cents would be that rapid traditional signature updates are not a viable
solution to this long term problem.
I'm pretty sure the current generation of Locky, Dridex, Nemucod, et
>> My 2 cents would be that rapid traditional signature updates are not a
>> viable solution to this long term problem.
>> I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc.
>> ransomware is generated using millions
>> of tiny mutations so that almost every email attachment h
Everything about ClamAV is open source and free. Including the signatures. There
is nothing stopping any of us from filling the gaps in signatures.
dp
On 5/23/16 9:45 AM, Groach wrote:
On 23/05/2016 14:44, C.D. Cochrane wrote:
Hi Michael,
I made a similar inquiry last week (Signature update
On 05/23/2016 03:52 PM, Steve Basford wrote:
Excellent - just installed it, and it's already working its magic :)
The views and opinions expressed by Michael in the above post that
Sanesecurity possesses magic, are solely his own and do not necessarily
represent the views of the ministry of ma
On Mon, May 23, 2016 2:33 pm, Michael D. L. wrote:
>
>
> On 05/23/2016 02:44 PM, C.D. Cochrane wrote:
>
>> Hi Michael and Michael,
>> You may want to look at sanesecurity[.]org. They have a supplemental
>> ClamAV database that
>> is supposed to be better at detecting the current scourge of ranso
On 05/23/2016 02:44 PM, C.D. Cochrane wrote:
Hi Michael and Michael,
You may want to look at sanesecurity[.]org. They have a supplemental ClamAV
database that
is supposed to be better at detecting the current scourge of ransomware and
malware. It
was recommended to me when I noted that Clam
Hello,
Le lundi 23 mai 2016, 14:44:33 C.D. Cochrane a écrit :
> Hi Michael and Michael,
> You may want to look at sanesecurity[.]org. They have a supplemental ClamAV
> database that is supposed to be better at detecting the current scourge of
> ransomware and malware.
You can check this too :
h
Hi Michael and Michael,
You may want to look at sanesecurity[.]org. They have a supplemental ClamAV
database that
is supposed to be better at detecting the current scourge of ransomware and
malware. It
was recommended to me when I noted that ClamAV seems to miss a LOT of the
current malware,
b
On 05/23/2016 01:43 PM, Michael Heseltine wrote:
Hello all,
I have recently modified my exim (4.82) configuration so that all
messages pass through clamav (0.99.2) first. Anything labeled as
malware should be rejected while the incoming SMTP connection is still
open (using an *acl_smtp_data*
Hello all,
I have recently modified my exim (4.82) configuration so that all
messages pass through clamav (0.99.2) first. Anything labeled as malware
should be rejected while the incoming SMTP connection is still open
(using an *acl_smtp_data* in exim).
But so far, this setup has not detected