Re: [clamav-users] Bad detection rate

2014-07-03 Thread Ralf Hildebrandt
* Dennis Peterson : > The OP brought up several points, none of which were addressed. > > 1. Nevertheless, the detection rate of viruses, trojans, etc. is not > very good. Almost every time I submit a sample file on virustotal.com > ClamAV can not detect the virus or malware. > > 2. Up to now, I

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Walter Bürger
Joel Esler (jesler) wrote: On Jun 25, 2014, at 4:23 AM, Walter Bürger wrote: bestellung_9AF6AAE4.exe (MD5 186a1745b54467fa168309da93960df4) 18 out of 54 scanners detected a trojan (F-Secure named it Trojan.Injector.AWD) but ClamAV did not detect it. I submitted both files to http://www.clamav

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
On Jun 25, 2014, at 4:23 AM, Walter Bürger wrote: > bestellung_9AF6AAE4.exe > (MD5 186a1745b54467fa168309da93960df4) > 18 out of 54 scanners detected a trojan > (F-Secure named it Trojan.Injector.AWD) > but ClamAV did not detect it. > > I submitted both files to > http://www.clamav.net/lang/en/s

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
> On Jun 25, 2014, at 0:17, "Al Varnell" wrote:
>
> The signature team has always been overwhelmed by the number of new samples
> it receives every day and even though the team is bigger today, so is the
> input.

Right. We have several people working on malware full time. But we receive well

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
On Jun 25, 2014, at 2:34, "Al Varnell" wrote: >> Tue, Jun 24, 2014 at 10:40 PM, Dennis Peterson wrote: >> >> It wouldn't hurt to have a youtube video that shows admins how to generate >> simple day 0 check sum sigs that they can deploy locally while waiting for a >> Cisco/SourceFire signature

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Joel Esler (jesler)
> On Jun 25, 2014, at 1:40, "Dennis Peterson" wrote: > >> On 6/24/14, 9:16 PM, Al Varnell wrote: >> That’s certainly a valid question and deserves a ClamAV® answer, but I’ll >> throw this comment out. >> >> The signature team has always been overwhelmed by the number of new samples >> it rece

Re: [clamav-users] Bad detection rate

2014-06-25 Thread Walter Bürger
Hi dear ClamAV team, a few minutes ago I submitted 2 files bestellung_074B5277.exe bestellung_9AF6AAE4.exe to virustotal.com bestellung_074B5277.exe (MD5 1da7c04ac540e4e02ef12cdcab7cffe3) 14 out of 53 scanners detected a trojan (F-Secure named it Trojan.Injector.AWD) but ClamAV did not detect it

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Al Varnell
On Tue, Jun 24, 2014 at 10:40 PM, Dennis Peterson wrote: > > It wouldn't hurt to have a youtube video that shows admins how to generate > simple day 0 check sum sigs that they can deploy locally while waiting for a > Cisco/SourceFire signature. In fact the submission process generates a > chec

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Dennis Peterson
On 6/24/14, 9:16 PM, Al Varnell wrote: That’s certainly a valid question and deserves a ClamAV® answer, but I’ll throw this comment out. The signature team has always been overwhelmed by the number of new samples it receives every day and even though the team is bigger today, so is the input.

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Al Varnell
That’s certainly a valid question and deserves a ClamAV® answer, but I’ll throw this comment out. The signature team has always been overwhelmed by the number of new samples it receives every day and even though the team is bigger today, so is the input. They established a third party signature

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Dennis Peterson
Why wouldn't ClamAV be interested in creating this signature as part of their own distribution? It's a virus, it's what you do, no? dp On 6/24/14, 11:14 AM, Joel Esler (jesler) wrote: On Jun 24, 2014, at 11:01 AM, Bowie Bailey wrote: On 6/24/2014 9:53 AM, Walter

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Joel Esler (jesler)
On Jun 24, 2014, at 11:01 AM, Bowie Bailey wrote: On 6/24/2014 9:53 AM, Walter Bürger wrote: Hi dear ClamAV team, I submitted the same file as yesterday to virustotal.com: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 a

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Bowie Bailey
On 6/24/2014 9:53 AM, Walter Bürger wrote: Hi dear ClamAV team, I submitted the same file as yesterday to virustotal.com: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 ad690be247dda635781e20887fcac0e7) 30 out of 54 scanners detected a virus (NOD32 named it Win32/Emotet.AA

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Walter Bürger
Hi dear ClamAV team, I submitted the same file as yesterday to virustotal.com: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 ad690be247dda635781e20887fcac0e7) 30 out of 54 scanners detected a virus (NOD32 named it Win32/Emotet.AA) but ClamAV did not detect it. I am just c

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Walter Bürger
Steve Basford wrote: On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote: About 4 hours later I checked again and 12 out of 54 scanners detected a virus in this file but ClamAV did not detect it. I know 4 hours sounds a long time but when you consider the current amount of malware that is submi

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Steve Basford
On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote:
>
> About 4 hours later I checked again and
> 12 out of 54 scanners detected a virus in this file
> but ClamAV did not detect it.

I know 4 hours sounds a long time but when you consider the current amount of malware that is submitted / auto-subm

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Benny Pedersen
On 23. jun. 2014 19.36.58 CEST, Steve Basford wrote:
>
> Sanesecurity.Malware.23787.ZipHeur
> Added: 23 Jun 2014 09:32:40 UT

I have a dream on virustotal start using 3rd party clamav signatures

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Walter Bürger
Steve Basford wrote: On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote: This morning I submitted the file Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 ad690be247dda635781e20887fcac0e7) on virustotal.com. 4 out of 54 scanners detected a virus (NOD32 named it Win32/Kryptik

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Joel Esler (jesler)
Always, as a reminder, we have the ClamAV Community sigs list, which anyone in the world can submit signatures to us, which we’ll put through the system and they’ll go out in the official list. http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html -- Joel Esler Open Source

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Dennis Peterson
Quick dump of found signature results: ClamAV vs Basford et al

Unofficial sigs, total:
grep UNOFFICIAL clam* |wc -l
174

Unofficial Sane Security sigs found
grep Sanesecur.*FOUND clam* |wc -l
141

Official ClamAV sigs found:
grep FOUND clam* |grep -c -v UNOFFICIAL
10

Non-Sanesecurity unofficial

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Steve Basford
On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote: > > This morning I submitted the file > Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe > (MD5 ad690be247dda635781e20887fcac0e7) > on virustotal.com. > > 4 out of 54 scanners detected a virus > (NOD32 named it Win32/Kryptik.CFAE) >

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Dennis Peterson
The OP brought up several points, none of which were addressed. 1. Nevertheless, the detection rate of viruses, trojans, etc. is not very good. Almost every time I submit a sample file on virustotal.com ClamAV can not detect the virus or malware. 2. Up to now, I never got a notification, alth

Re: [clamav-users] Bad detection rate

2014-06-23 Thread Alain Zidouemba
Walter, We received your sample for the first time today and will be analyzing it for coverage in the ClamAV signature set. Thanks for your submission. If you are planning to submit a large number of samples on a regular basis, please contact me off-list. - Alain On Mon, Jun 23, 2014 at 11:47