[clamav-users] Bad detection rate
Steve Basford
steveb_clamav at sanesecurity.com
Mon Jun 23 19:20:13 UTC 2014
On Mon, June 23, 2014 7:16 pm, Walter Bürger wrote:
>
> clamdscan /tmp/bann/*
> /tmp/bann/2014_06rechnung_12553625576148_sign.zip: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL FOUND
>
> /tmp/bann/Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe: OK
That's right... ZipHeur looks for filenames in Zips, not the actual
content... so that's why it didn't find anything when the exe itself was
scanned.
Exe hashes are normally added to rogue.hdb at the same time, which
would have found something.
Cheers,
Steve
Sanesecurity
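
The difference between the two signature types described in the message above, as an added illustration (not Sanesecurity's or ClamAV's code): a rule that only inspects archive member names next to an `.hdb`-style `MD5:Size:Name` hash entry that matches file content. The regex, the sample bytes and the signature name are constructed assumptions.

```python
import hashlib
import io
import re
import zipfile

# Assumed stand-in for a filename heuristic (NOT the real ZipHeur signature):
# an invoice-style member name that ends in .exe.
NAME_RULE = re.compile(r"(?i)rechnung.*\.exe$")

def match_zip_names(data):
    """Name-based check: inspects archive member names, never member bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # a bare .exe has no member names to inspect
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if NAME_RULE.search(n)]

def parse_hdb(text):
    """Parse .hdb-style 'MD5:Size:Name' lines into {(md5, size): name}."""
    db = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            md5, size, name = line.strip().split(":", 2)
            db[(md5.lower(), int(size))] = name
    return db

def match_hash(data, db):
    """Content-based check: MD5 and size of the bytes; the file name is ignored."""
    return db.get((hashlib.md5(data).hexdigest(), len(data)))

def demo():
    # Constructed sample: harmless bytes packed into a zip under an invoice-style name.
    payload = b"MZ constructed sample bytes, not a real executable"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung_sample.exe", payload)
    archive = buf.getvalue()
    line = "%s:%d:Constructed.Sample.Hash" % (hashlib.md5(payload).hexdigest(), len(payload))
    db = parse_hdb("# constructed entry\n" + line + "\n")
    return {
        "zip_by_name": match_zip_names(archive),  # fires on the member name
        "exe_by_name": match_zip_names(payload),  # nothing to inspect in a bare exe
        "exe_by_hash": match_hash(payload, db),   # hash entry matches the content
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(check, "->", result)
```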