[clamav-users] Bad detection rate

Walter Bürger walter.buerger at arscons.de
Mon Jun 23 20:40:39 UTC 2014


Steve Basford wrote:
> On Mon, June 23, 2014 4:47 pm, Walter Bürger wrote:
>> About 4 hours later I checked again and
>> 12 out of 54 scanners detected a virus in this file
>> but ClamAV did not detect it.
> 
> I know 4 hours sounds a long time but when you consider the current amount
> of malware that is submitted / auto-submitted to very few official
> signature writers, things will take time.
> 
> Sanesecurity sigs consist of manually generated and auto-generated
> signatures, for example rogue.hdb is updated hourly automatically (hashes)
> and will be short-lived detection but quick.
> 
> Whereas phish.ndb is manually generated but will normally have longer term
> effectiveness than rogue.hdb.
> 
> Currently though, download scripts download from the Sanesecurity mirrors
> hourly but even that may not be good enough/quick enough for some.
> 
> I'm actually looking at quicker updates via freshclam for a few users, so
> I've put a poll on the Sanesecurity.com website, to see how often
> freshclam updates happen, just to gauge if it would help.
> 
> Anyway, this is more for the sanesecurity list really.
> 
> But just wanted to say a huge kudos to the whole ClamAV team and sig
> writers, without which we wouldn't have ClamAV and its engine to play
> with in the first place.
> 
> 
> Cheers,
> 
> Steve
> Sanesecurity.com
> 


I love it!
This is like it should always be:

Mon Jun 23 21:08:27 2014 -> /var/amavisd/afs5NJ8Q5r020716/parts/p005: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL(69bef6560be0d55ce5956533627cb083:124659) FOUND
Mon Jun 23 21:10:16 2014 -> SelfCheck: Database status OK.
Mon Jun 23 21:20:16 2014 -> SelfCheck: Database status OK.
Mon Jun 23 21:28:27 2014 -> /var/amavisd/afs5NJSQ42006874/parts/p005: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL(f3b2ccae8204ca28d90c5e648ad5f964:124659) FOUND
Mon Jun 23 21:30:17 2014 -> SelfCheck: Database status OK.
Mon Jun 23 21:40:17 2014 -> SelfCheck: Database status OK.
Mon Jun 23 21:50:17 2014 -> SelfCheck: Database status OK.
Mon Jun 23 22:00:17 2014 -> SelfCheck: Database status OK.
Mon Jun 23 22:08:28 2014 -> /var/amavisd/afs5NK8RPh000911/parts/p005: Sanesecurity.Malware.23787.ZipHeur.UNOFFICIAL(c6319e040ab69ebff2f60ca863087469:124659) FOUND
Mon Jun 23 22:10:17 2014 -> SelfCheck: Database status OK.

Best regards,
Walter.
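
A small parser for clamd log lines in the format posted above, added here as an example (it is not code from this thread or from the ClamAV or Sanesecurity projects). It groups FOUND entries by signature and counts distinct file hashes per signature, which shows when one pattern signature is catching several differently hashed files. The sample log, paths, signature names and hashes are constructed placeholders, and each log entry is assumed to sit on one line.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format shown above; paths, signature names
# and hashes are placeholders, not real indicators.
SAMPLE_LOG = """\
Mon Jun 23 21:08:27 2014 -> /var/spool/scan/msg1/parts/p005: Example.Malware.1.ZipHeur.UNOFFICIAL(00000000000000000000000000000001:124659) FOUND
Mon Jun 23 21:10:16 2014 -> SelfCheck: Database status OK.
Mon Jun 23 21:28:27 2014 -> /var/spool/scan/msg2/parts/p005: Example.Malware.1.ZipHeur.UNOFFICIAL(00000000000000000000000000000002:124659) FOUND
Mon Jun 23 21:40:17 2014 -> /var/spool/scan/msg3/parts/p001: Example.Trojan.Agent-1 FOUND
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (?P<path>.+): "
    r"(?P<sig>\S+?)(?:\((?P<hash>[0-9a-f]{32}):(?P<size>\d+)\))? FOUND$"
)

def parse_detections(log_text):
    """Return one dict per FOUND line; SelfCheck and other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append({
                "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                "path": m["path"],
                "signature": m["sig"],
                # clamd marks names from third-party databases with this suffix
                "unofficial": m["sig"].endswith(".UNOFFICIAL"),
                "hash": m["hash"],  # None when the (hash:size) suffix is absent
                "size": int(m["size"]) if m["size"] else None,
            })
    return hits

def summarize(hits):
    """Per signature: hit count, distinct file hashes, first and last seen."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["signature"]].append(h)
    return {
        sig: {
            "hits": len(g),
            "distinct_hashes": len({h["hash"] for h in g if h["hash"]}),
            "unofficial": g[0]["unofficial"],
            "first_seen": min(h["time"] for h in g),
            "last_seen": max(h["time"] for h in g),
        }
        for sig, g in groups.items()
    }
```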

