[clamav-users] How to Mass Submit Virus Samples?
Benoit Panizzon
benoit.panizzon at imp.ch
Fri Dec 2 10:46:27 UTC 2016
Hello ClamAvers!
I work at an ISP and we operate a large email infrastructure. We use
ClamAV as our mail virus scanner.
At the moment we face a lot of docx, xlsx and zip files containing
malware which is not recognized by ClamAV.
I operate a spamtrap to feed the SWINOG Blacklist. So to mitigate the
problem a bit, I started extracting attachments with the spamtrap and
push the MD5 hashes to a DNS based blacklist, which then is queried
from the mailserver infrastructure to block attachments which have
been seen by the spamtrap.
This helps a bit, but only a bit. I see that certain types of malware
more or less constantly generated different MD5 checksums.
I started submitting samples to virustotal and mostly only very few
scanners recognized them in the minutes after hitting my spamtrap. One
day later or so, about half the scanners get them, but not ClamAV.
Usually ClamAV catches up a bit on the Office Files several days later,
but still fails on Zip Files containing js malware.
So I wonder if it would be of any help, if there was a way of
automatically mass submit the attachments I get on my spamtrap. I
could pre-scan them to only submit those which scan negative.
Kind regards
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
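
The attachment-hash lookup described in the post, as an added example that is not part of the original message or of any ClamAV or SWINOG code. The zone name, the helper names and the sample mails are assumptions constructed for illustration; it also shows why a sample that differs by a single byte is no longer matched.

```python
import hashlib
import socket
from email import message_from_bytes
from email.message import EmailMessage

# Hypothetical zone name; the post does not name the blacklist zone.
HASH_ZONE = "attachment-hash.example.invalid"

def attachment_md5s(raw_mail: bytes):
    """Yield (filename, MD5 hex) for every attachment in a raw message."""
    for part in message_from_bytes(raw_mail).walk():
        filename = part.get_filename()
        if part.is_multipart() or not filename:
            continue  # skip containers and the plain body
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        yield filename, hashlib.md5(payload).hexdigest()

def dns_listed(name: str) -> bool:
    """DNSBL convention: any A record means listed, NXDOMAIN means not."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def blocked_attachments(raw_mail: bytes, is_listed=dns_listed, zone=HASH_ZONE):
    """Return the filenames whose MD5 is listed under the zone."""
    return [fn for fn, digest in attachment_md5s(raw_mail)
            if is_listed(f"{digest}.{zone}")]

def build_sample(payload: bytes) -> bytes:
    """Constructed sample mail carrying one harmless attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "trap@example.invalid"
    m["Subject"] = "invoice"
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application", subtype="zip",
                     filename="invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    seen = build_sample(b"constructed sample bytes A")     # hit the spamtrap
    variant = build_sample(b"constructed sample bytes B")  # one byte differs
    listed = {f"{d}.{HASH_ZONE}" for _, d in attachment_md5s(seen)}
    lookup = lambda name: name in listed  # offline stand-in for the DNS query
    print(blocked_attachments(seen, lookup))     # ['invoice.zip']
    print(blocked_attachments(variant, lookup))  # []
```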