[clamav-users] concerning foxhole databases
Steve Basford
steveb_clamav at sanesecurity.com
Thu Apr 23 11:29:39 UTC 2015
On Thu, April 23, 2015 12:03 pm, Rajesh M wrote:
> i am using foxhole_all.cdb foxhole_filename.cdb foxhole_generic.cdb but
> does not work
>
> how do i block .cab extension even if they are within zip or rar or 7z
> files.
Hi Rajesh
In your sample...a-to-z_moving_and_delivery.zip
Using database foxhole_all.cdb:
a-to-z_moving_and_delivery.zip:
Sanesecurity.Foxhole.Cab_scr.UNFFICIAL FOUND
Using database phish.ndb:
a-to-z_moving_and_delivery.zip:
Sanesecurity.Malware.24866.ExeHeur.Cab.UNOFFICIAL FOUND
Looks like something isn't working at your end.
If you clamscan --database=foxhole_all.cdb a-to-z_moving_and_delivery.zip
does it work?
If not, might need a debug output from above command
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
More information about the clamav-users
mailing list