[clamav-users] Low detection rate

TR Shaw tshaw at oitc.com
Mon Mar 3 12:58:34 EST 2014


Just to let you know I have submitted samples of this exploit since early/mid last week via my direct submittal link.

On Mar 3, 2014, at 10:14 AM, Alain Zidouemba wrote:

> Confirming a false negative on the sample you mentioned. We'll provide
> coverage as soon as possible. Please continue to submit your malware
> samples to: http://www.clamav.net/lang/en/sendvirus/
> 
> Thanks,
> 
> - Alain
> 
> 
> On Mon, Mar 3, 2014 at 7:28 AM, Steve Hill <steve at opendium.com> wrote:
> 
>> 
>> I'm using clamd together with exim under Scientific Linux 6.3 and I'm
>> having problems with Clam not detecting many viruses - in fact, looking
>> back through the logs it basically only seems to be finding a few phishing
>> emails.
>> 
>> Other virus scanners are picking up a number of viruses which are being
>> allowed through by clam - for example, http://persephone.nexusuk.org/
>> ~steve/eticket_ba_70391830.doc is identified as CVE_2010_3333 by a number
>> of other scanners, but clam says it's clean (I've now submitted this to the
>> sendvirus page on the website).
>> 
>> I'm using ClamAV 0.98.1 from the EPEL repository and as far as I can tell
>> my virus signatures are up to date:
>> # freshclam
>> ClamAV update process started at Mon Mar  3 12:25:40 2014
>> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder:
>> neo)
>> daily.cld is up to date (version: 18526, sigs: 719612, f-level: 63,
>> builder: neo)
>> bytecode.cld is up to date (version: 236, sigs: 43, f-level: 63, builder:
>> dgoddard)
>> 
>> I'm not sure how to go about debugging the problem - any advice would be
>> welcome.
>> 
>> Thank you.
>> 
>> --
>> - Steve Hill
>>   Technical Director
>>   Opendium Limited     http://www.opendium.com
>> 
>> Direct contacts:
>>   Instant messager: xmpp:steve at opendium.com
>>   Email:            steve at opendium.com
>>   Phone:            sip:steve at opendium.com
>> 
>> Sales / enquiries contacts:
>>   Email:            sales at opendium.com
>>   Phone:            +44-844-9791439 / sip:sales at opendium.com
>> 
>> Support contacts:
>>   Email:            support at opendium.com
>>   Phone:            +44-844-4844916 / sip:support at opendium.com
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> http://www.clamav.net/support/ml
>> 
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml




More information about the clamav-users mailing list