[clamav-users] Low detection rate
Shawn Webb
swebb at sourcefire.com
Mon Mar 3 13:49:36 UTC 2014
On Mon, Mar 3, 2014 at 7:28 AM, Steve Hill <steve at opendium.com> wrote:
>
> I'm using clamd together with exim under Scientific Linux 6.3 and I'm
> having problems with Clam not detecting many viruses - in fact, looking
> back through the logs it basically only seems to be finding a few phishing
> emails.
>
> Other virus scanners are picking up a number of viruses which are being
> allowed through by clam - for example, http://persephone.nexusuk.org/
> ~steve/eticket_ba_70391830.doc is identified as CVE_2010_3333 by a number
> of other scanners, but clam says it's clean (I've now submitted this to the
> sendvirus page on the website).
>
> I'm using ClamAV 0.98.1 from the EPEL repository and as far as I can tell
> my virus signatures are up to date:
> # freshclam
> ClamAV update process started at Mon Mar 3 12:25:40 2014
> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
> neo)
> daily.cld is up to date (version: 18526, sigs: 719612, f-level: 63,
> builder: neo)
> bytecode.cld is up to date (version: 236, sigs: 43, f-level: 63, builder:
> dgoddard)
>
> I'm not sure how to go about debugging the problem - any advice would be
> welcome.
>
Hey Steve,
You can submit files you suspect are legitimate malware here:
http://www.clamav.net/lang/en/sendvirus/
Thanks,
Shawn
More information about the clamav-users
mailing list