[clamav-users] Trouble with foxhole

Steve Basford steveb_clamav at sanesecurity.com
Wed Oct 14 07:12:37 UTC 2015


On Wed, October 14, 2015 7:23 am, Hartmann, Jan wrote:
>
> Hi,
> Today we had a lot of problems with exe files hidden in zip archives
>
> I tried to add the foxholedb to our clamav, but sadly it didn't
> recognize the exe in the zip.
>
> clamscan --database=/var/lib/clamav/foxhole_generic.cdb fatuousness\ paging\ policy\ work\ regulations.zip
> fatuousness paging policy work regulations.zip: OK

Hi Jan,

foxhole_all.cdb will block all exe's in Zip files etc.  It will block more
malware but there is obviously an increased risk of False Positives.

foxhole_generic.cdb mainly deals with double-extension or hidden filename
malware.

foxhole_filename.cdb contains known filenames containing malware.

I'm guessing that your zip file only has a single filename exe?

What does this show:

unzip -l "fatuousness paging policy work regulations.zip"

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
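
As an added illustration of the three rule families Steve distinguishes (this is example code, not from the thread, ClamAV or Sanesecurity), the script below builds a constructed zip and applies each heuristic to the member names; the extension lists and the known-filename set are assumptions for this example only. A single plain `.exe` like the one in Jan's archive fires only the foxhole_all-style rule, consistent with Steve's guess about why foxhole_generic reported OK.

```python
import io
import re
import zipfile

# Executable extensions a foxhole_all-style rule flags regardless of the name.
# (The list is an assumption for this example, not Sanesecurity's actual set.)
EXEC_EXT = re.compile(r"\.(exe|scr|com|pif|bat|cmd|js|vbs|jar)$", re.I)
# Double extension ("invoice.pdf.exe") or a long run of spaces that pushes the
# real extension out of view: the cases foxhole_generic is described as catching.
DOUBLE_EXT = re.compile(
    r"\.(pdf|doc|docx|xls|xlsx|jpg|png|txt)\s*\.(exe|scr|com|pif|bat|cmd|js|vbs|jar)$",
    re.I,
)
HIDDEN_EXT = re.compile(r"\s{5,}\.\w+$")
# Constructed stand-in for foxhole_filename's list of known malware filenames.
KNOWN_BAD = {"invoice_2015.exe", "ups_tracking_number.exe"}


def classify(zip_bytes):
    """Return {member_name: [rule families that fire]} for each file in the zip."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]  # basename inside the archive
            fired = []
            if name.lower() in KNOWN_BAD:
                fired.append("filename")
            if DOUBLE_EXT.search(name) or HIDDEN_EXT.search(name):
                fired.append("generic")
            if EXEC_EXT.search(name):
                fired.append("all")
            hits[info.filename] = fired
    return hits


def build_sample():
    """Constructed archive: a plain .exe like Jan's, a double-extension file, a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fatuousness paging policy work regulations.exe", b"MZ...")  # constructed
        zf.writestr("statement.pdf.exe", b"MZ...")  # constructed
        zf.writestr("readme.txt", b"hello")  # constructed
    return buf.getvalue()


if __name__ == "__main__":
    for member, rules in classify(build_sample()).items():
        print(f"{member!r}: {rules or 'clean'}")
```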
