[clamav-users] Bad detection rate
Alain Zidouemba
azidouemba at sourcefire.com
Mon Jun 23 16:42:46 UTC 2014
Walter,
We received your sample for the first time today and will be analyzing it
for coverage in the ClamAV signature set. Thanks for your submission.
If you are planning to submit a large number of samples on a regular basis,
please contact me off-list.
- Alain
On Mon, Jun 23, 2014 at 11:47 AM, Walter Bürger <walter.buerger at arscons.de>
wrote:
>
> Hi dear ClamAV team,
>
> ClamAV is a good software and it runs very stable
> on my servers for years!
>
> Many thanks for ClamAV and for your efforts making it
> such a stable software!
>
> Nevertheless, the detection rate of viruses, trojans, etc.
> is not very good.
>
> Almost every time I submit a sample file on virustotal.com
> ClamAV can not detect the virus or malware.
>
> This morning I submitted the file Rechnung_23_14_06_
> 198630274520031_telekom_deutschland_GmbH.exe
> (MD5 ad690be247dda635781e20887fcac0e7)
> on virustotal.com.
>
> 4 out of 54 scanners detected a virus
> (NOD32 named it Win32/Kryptik.CFAE)
> but ClamAV did not detect it.
>
> About 4 hours later I checked again and
> 12 out of 54 scanners detected a virus in this file
> but ClamAV did not detect it.
>
> Of course I submitted this sample file on
> http://www.clamav.net/lang/en/sendvirus/submit-malware/
> too.
>
> Up to now, I never got a notification, although "Notify me" was checked.
>
> A few minutes ago on one of my mailservers:
> clamdscan Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
> Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe: OK
>
> Why shall we not post more than two sample files per day ?
> I think you would get many more sample files and hence a better detection
> rate.
> While submitting my sample file to
> http://www.clamav.net/lang/en/sendvirus/submit-malware/
> "Share this sample with other AV vendors" was checked.
> Do other AV vendors share their samples with ClamAV ?
>
> What can we do to improve the detection rate of ClamAV ?
>
> Best regards,
> Walter.
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
More information about the clamav-users
mailing list