Re: [clamav-users] Bad detection rate

2014-06-24 Thread Walter Bürger
Hi dear ClamAV team, I submitted the same file as yesterday to virustotal.com: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 ad690be247dda635781e20887fcac0e7) 30 out of 54 scanners detected a virus (NOD32 named it Win32/Emotet.AA) but ClamAV did not detect it. I am just c

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Bowie Bailey
On 6/24/2014 9:53 AM, Walter Bürger wrote: Hi dear ClamAV team, I submitted the same file as yesterday to virustotal.com: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 ad690be247dda635781e20887fcac0e7) 30 out of 54 scanners detected a virus (NOD32 named it Win32/Emotet.AA

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Joel Esler (jesler)
On Jun 24, 2014, at 11:01 AM, Bowie Bailey mailto:bowie_bai...@buc.com>> wrote: On 6/24/2014 9:53 AM, Walter Bürger wrote: Hi dear ClamAV team, I submitted the same file as yesterday to virustotal.com: Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe (MD5 a

[clamav-users] Does Clamsubmit work?

2014-06-24 Thread Daniel Quintiliani
Hi, There was a recent thread about ClamAV's low detection rates when compared to other AVs on VirusTotal. When Clamsubmit came out I started using it to submit "false negatives", following the "two per day" rules of the Web site. (No such rule exists in the clamsubmit manpage.) I am wonderin

Re: [clamav-users] Does Clamsubmit work?

2014-06-24 Thread Shawn Webb
On Tue, Jun 24, 2014 at 4:36 PM, Daniel Quintiliani wrote: > Hi, > > There was a recent thread about ClamAV's low detection rates when compared > to other AVs on VirusTotal. > > When Clamsubmit came out I started using it to submit "false negatives", > following the "two per day" rules of the Web

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Dennis Peterson
Why wouldn't ClamAV be interested in creating this signature as part of their own distribution? It's a virus, it's what you do, no? dp On 6/24/14, 11:14 AM, Joel Esler (jesler) wrote: On Jun 24, 2014, at 11:01 AM, Bowie Bailey mailto:bowie_bai...@buc.com>> wrote: On 6/24/2014 9:53 AM, Walter

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Al Varnell
That’s certainly a valid question and deserves a ClamAV® answer, but I’ll throw this comment out. The signature team has always been overwhelmed by the number of new samples it receives every day and even though the team is bigger today, so is the input. They established a third party signature

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Dennis Peterson
On 6/24/14, 9:16 PM, Al Varnell wrote: That’s certainly a valid question and deserves a ClamAV® answer, but I’ll throw this comment out. The signature team has always been overwhelmed by the number of new samples it receives every day and even though the team is bigger today, so is the input.

Re: [clamav-users] Bad detection rate

2014-06-24 Thread Al Varnell
On Tue, Jun 24, 2014 at 10:40 PM, Dennis Peterson wrote: > > It wouldn't hurt to have a youtube video that shows admins how to generate > simple day 0 check sum sigs that they can deploy locally while waiting for a > Cisco/SourceFire signature. In fact the submission process generates a > chec