[clamav-users] Trouble with foxhole
Steve Basford
steveb_clamav at sanesecurity.com
Wed Oct 14 07:19:32 UTC 2015
On Wed, October 14, 2015 7:37 am, Rajesh M wrote:
>
> Sanesecurity.Foxhole.7z:CL_TYPE_7Z
> Sanesecurity.Foxhole.Rar:CL_TYPE_RAR
etc..
Hi rajesh,
Yep, the above will work... but could cause high FP's for some people
which they might find unacceptable, depending on their setup.
If anyone has a nice malware zip/7z/rar etc. collection it might be nice
to create a "database" of their "common" bad filenames, which I can add
into foxhole_filename.cdb.
I've made start on the above and will shortly be adding thise into
foxhole_filename.cdb
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
More information about the clamav-users
mailing list