[clamav-users] Bad detection rate
Dennis Peterson
dennispe at inetnw.com
Mon Jun 23 16:51:53 UTC 2014
The OP brought up several points, none of which were addressed.
1. Nevertheless, the detection rate of viruses, trojans, etc. is not very good.
Almost every time I submit a sample file on virustotal.com, ClamAV cannot detect
the virus or malware.
2. Up to now, I never got a notification, although "Notify me" was checked.
3. Why shall we not post more than two sample files per day?
4. What can we do to improve the detection rate of ClamAV?
Let's start the conversation.
dp
On 6/23/14, 9:42 AM, Alain Zidouemba wrote:
> Walter,
>
> We received your sample for the first time today and will be analyzing it
> for coverage in the ClamAV signature set. Thanks for your submission.
>
> If you are planning to submit a large number of samples on a regular basis,
> please contact me off-list.
>
> - Alain
>
>
> On Mon, Jun 23, 2014 at 11:47 AM, Walter Bürger <walter.buerger at arscons.de>
> wrote:
>
>> Hi dear ClamAV team,
>>
>> ClamAV is good software and it has run very stably
>> on my servers for years!
>>
>> Many thanks for ClamAV and for your efforts making it
>> such stable software!
>>
>> Nevertheless, the detection rate of viruses, trojans, etc.
>> is not very good.
>>
>> Almost every time I submit a sample file on virustotal.com,
>> ClamAV cannot detect the virus or malware.
>>
>> This morning I submitted the file
>> Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
>> (MD5 ad690be247dda635781e20887fcac0e7)
>> on virustotal.com.
>>
>> 4 out of 54 scanners detected a virus
>> (NOD32 named it Win32/Kryptik.CFAE)
>> but ClamAV did not detect it.
>>
>> About 4 hours later I checked again and
>> 12 out of 54 scanners detected a virus in this file
>> but ClamAV did not detect it.
>>
>> Of course I submitted this sample file on
>> http://www.clamav.net/lang/en/sendvirus/submit-malware/
>> too.
>>
>> Up to now, I never got a notification, although "Notify me" was checked.
>>
>> A few minutes ago on one of my mailservers:
>> clamdscan Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
>> Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe: OK
>>
>> Why shall we not post more than two sample files per day?
>> I think you would get many more sample files and hence a better detection
>> rate.
>> While submitting my sample file to
>> http://www.clamav.net/lang/en/sendvirus/submit-malware/
>> "Share this sample with other AV vendors" was checked.
>> Do other AV vendors share their samples with ClamAV?
>>
>> What can we do to improve the detection rate of ClamAV?
>>
>> Best regards,
>> Walter.
>>
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml
>>