[clamav-users] virus/malware risk level

2019-05-30 Thread WagdeZ via clamav-users
Using clamav... Is there any way to find out what is the risk level (score/priority/...) of the detected virus/malware?

Re: [clamav-users] virus/malware risk level

2019-05-30 Thread Arnaud Jacques
Hello, Using clamav... Is there any way to find out what is the risk level (score/priority/...) of the detected virus/malware? In my own opinion: PUA-detected malware is risk: LOW. All other detected malware is risk: MAXIMUM (if not a false positive). -- Cordialement / Best regards

Re: [clamav-users] virus/malware risk level

2019-05-30 Thread Al Varnell via clamav-users
Not unless you are lucky enough to be able to somehow identify what the malware is. About the only ones that you stand any chance of finding would be those identified with a "CVE" number that you can look up on Mitre or NIST sites. A small number will get written up on the Talos blog site

Re: [clamav-users] virus/malware risk level

2019-05-30 Thread G.W. Haywood via clamav-users
Hi there, On Thu, 30 May 2019, WagdeZ wrote Using clamav... Is there any way to find out what is the risk level (score/priority/...) of the detected virus/malware? The question is rather vague. In many cases the signature name gives some sort of clue to what the signature is about, so if you

[clamav-users] ClamD dependent on MSVCR100D.dll

2019-05-30 Thread DGone via clamav-users
Not sure if this is the right forum to ask this but appreciate any insight that can be provided. We are running clamd on a web server with IIS (Windows server) configured with srvany to run clamd as a service which the application calls during uploads to check files on their way in.  I've up

Re: [clamav-users] Regarding ClamAV performance

2019-05-30 Thread Andrew Williams
Does your platform have GNU time or strace? Try running clamscan with '/usr/bin/time -v' and/or 'strace -c' and compare the output with that of your Ubuntu host. I wonder if loading the signature DB is causing excessive page faults on the system without as much memory (time -v will tell you how m

[clamav-users] Problems scanning for PUAs

2019-05-30 Thread Daniel Quintiliani via clamav-users
Hi, I'm trying to scan files for PUAs. When you do that, you get a lot of packers show up. But when I type --detect-pua=yes --exclude-pua=Win.Packer it doesn't detect any PUAs at all (including PUA.Win.Malware etc). Am I typing something wrong or is this a bug? Running ClamAV v0.101.2 on Gent

Re: [clamav-users] Problems scanning for PUAs

2019-05-30 Thread Daniel Quintiliani via clamav-users
Also, what is the difference between e.g. Win.Trojan and PUA.Win.Trojan? Why would a trojan be a PUA? -- -Dan Q On Thu, 30 May 2019 17:02:08 -0400 (EDT), Daniel Quintiliani via clamav-users wrote: > Hi, > > I'm trying to scan files for PUAs. > When you do that, you get a lot of packers show

Re: [clamav-users] ClamD dependent on MSVCR100D.dll

2019-05-30 Thread Micah Snyder (micasnyd) via clamav-users
It isn’t strictly used for debugging, though that version with the “D” at the end is the debug version of the visual C runtime. What version of ClamAV are you running? I don’t know if older versions were debug builds, but our latest versions should all be release builds. The newer versions of

Re: [clamav-users] Problems scanning for PUAs

2019-05-30 Thread Maarten Broekman via clamav-users
I think the PUA versions are just potentially unwanted things that exhibit trojan-like behavior but aren't confirmed trojans. As for the original question, it looks like it's only using the first part of that to determine the group of PUAs to ignore. These are the 'PUA' families (and associated si

[clamav-users] Installing clamav into debian container

2019-05-30 Thread Jeff Wolfeld (jwolfeld) via clamav-users
Hi, I’m just trying out clamav for the first time. I executed these steps: docker run -it ubuntu /bin/bash apt update apt-get -y install clamdscan freshclam All these seemed to work successfully. But I’m not finding all the clamav components. For example, in /etc/clamav I only find these:

Re: [clamav-users] Installing clamav into debian container

2019-05-30 Thread Micah Snyder (micasnyd) via clamav-users
For clamd and clamd.conf, you’ll need to: apt-get -y install clamav-daemon As you’ve noticed, Ubuntu decided to split up the project into multiple components. You may also want to install libclamunrar for RAR file parsing support apt-get -y install libclamunrar7 Regards, Micah From: clamav-