[clamav-users] Block all "EXE/SRC" or MS-EXE/DLL file
Jesse Nicholson
ascensionsystems at gmail.com
Thu Feb 13 10:29:28 UTC 2014
Need to write an anti virus that uses the NIST NSRL database and operate it
as a white list based AV. The db contains some 100 million hashes of known
good binary files. I tried to crowd fund to do this but no one was
interested.
On Feb 13, 2014 4:48 AM, "Sim" <simvirus at gmail.com> wrote:
> Hello!
> In the last weeks/months the unrecognized virus are increasingly
> exponentially
> (not only for Clamav but for all antivirus).
> My idea is "block" all EXE/SRC (also into ZIP/RAR).
> Executing "clamscan --debug filename" I can see:
>
> - LibClamAV debug: Recognized MS-EXE/DLL file
> - Section contains executable code
>
> Which is the best solution/way to block all EXE/executable files?
>
> Thanks!
>
> ---
> Sim
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
More information about the clamav-users
mailing list