[clamav-users] Trouble with foxhole

Rajesh M 24x7server at 24x7server.net
Wed Oct 14 08:27:08 UTC 2015


steve

i am writing this on the basis of the experience of over 18500 corporate users -- and they have no complaints at all.

basically people sending all these different file exe, jar and other forbidden extensions directly or within zip rar etc are 99.999 percent spammers / botnet

the only people who mentioned the issue are software developers who happened to send exe or jar etc with their emails.

however once i explained to them and provided them ftp accounts for transmitting such files they were happy.

also genuine senders are intimated correctly that their email has not been sent so there is no loss of communications.

the internet is getting to be an extremely dangerous place -- and i have seen several incidences of people opening these exe or scr files within zip files and having their entire pc locked up / companies losing millions because their employees' pcs were hacked.

antivirus is only as good as the signature -- many many many many times clam fails -- even now word / excel macro virus documents are not detected.

badfile names --- very very difficult to keep updating those.

i would rather block the root cause (though a few people may complain) than have the pcs of a huge number of people at risk.

rajesh


----- Original Message -----
From: Steve Basford [mailto:steveb_clamav at sanesecurity.com]
To: clamav-users at lists.clamav.net
Sent: Wed, 14 Oct 2015 08:19:32 +0100
Subject: Re: [clamav-users] Trouble with foxhole


On Wed, October 14, 2015 7:37 am, Rajesh M wrote:
>
> Sanesecurity.Foxhole.7z:CL_TYPE_7Z
> Sanesecurity.Foxhole.Rar:CL_TYPE_RAR
etc..

Hi rajesh,

Yep, the above will work... but could cause high FP's for some people
which they might find unacceptable, depending on their setup.

If anyone has a nice malware zip/7z/rar etc. collection it might be nice
to create a "database" of their "common" bad filenames, which I can add
into foxhole_filename.cdb.

I've made a start on the above and will shortly be adding these into
foxhole_filename.cdb

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
