[clamav-users] How to Mass Submit Virus Samples?
Joel Esler (jesler)
jesler at cisco.com
Fri Dec 2 12:10:45 UTC 2016
What amount of samples are we talking? Do you want to submit whole spam or just the attachments?
--
Sent from my iPhone
> On Dec 2, 2016, at 5:46 AM, Benoit Panizzon <benoit.panizzon at imp.ch> wrote:
>
> Hello ClamAvers!
>
> I work at an ISP and we operate a large email infrastructure. We use
> ClamAV as our mail virus scanner.
>
> At the moment we face a lot of docx, xlsx and zip files containing
> malware which is not recognized by ClamAV.
>
> I operate a spamtrap to feed the SWINOG Blacklist. So to mitigate the
> problem a bit, I started extracting attachments with the spamtrap and
> push the MD5 hashes to a DNS based blacklist, which then is queried
> from the mailserver infrastructure to block attachments which have
> been seen by the spamtrap.
>
> This helps a bit, but only a bit. I see that certain types of malware
> more or less constantly generate different MD5 checksums.
>
> I started submitting samples to virustotal and mostly only very few
> scanners recognized them in the minutes after hitting my spamtrap. One
> day later or so, about half the scanners get them, but not ClamAV.
> Usually ClamAV catches up a bit on the Office Files several days later,
> but still fails on Zip Files containing js malware.
>
> So I wonder if it would be of any help, if there was a way of
> automatically mass submitting the attachments I get on my spamtrap. I
> could pre-scan them to only submit those which scan negative.
>
> Kind regards
>
> -Benoît Panizzon-
> --
> I m p r o W a r e A G - Leiter Commerce Kunden
> ______________________________________________________
>
> Zurlindenstrasse 29 Tel +41 61 826 93 00
> CH-4133 Pratteln Fax +41 61 826 93 01
> Schweiz Web http://www.imp.ch
> ______________________________________________________
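The attachment-hash blacklist described in the quoted message, and the reason it only helps a bit, as an added example that is not part of the thread or of anyone's actual setup. The zone name, the `<md5>.<zone>` query layout, and the sample messages are assumptions constructed for illustration; a Python set stands in for the DNS zone so the code runs offline.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

ZONE = "attach-md5.dnsbl.example"  # hypothetical zone name, not from the thread


def build_mail(payload: bytes, filename: str) -> bytes:
    """Build a constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "trap@example.net"
    msg["Subject"] = "invoice"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def attachment_md5s(raw: bytes) -> dict:
    """Map attachment filename -> MD5 of the decoded attachment bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # None for nested multipart
        out[part.get_filename() or "unnamed"] = hashlib.md5(data).hexdigest()
    return out


def dnsbl_name(md5_hex: str) -> str:
    """Name the mail server would look up (layout is an assumption)."""
    return f"{md5_hex}.{ZONE}"


def is_listed(raw: bytes, zone: set) -> bool:
    """True if any attachment hash in the message is present in the zone data."""
    return any(dnsbl_name(h) in zone for h in attachment_md5s(raw).values())


# Spamtrap side: publish the hash of the attachment that was seen.
trap_sample = build_mail(b"PK\x03\x04 constructed-sample-A", "invoice.zip")
zone_data = {dnsbl_name(h) for h in attachment_md5s(trap_sample).values()}

# Mail server side: a byte-identical file is caught even under another
# filename, while a variant differing in one byte has a new MD5 and passes.
same_file = build_mail(b"PK\x03\x04 constructed-sample-A", "rechnung.zip")
variant = build_mail(b"PK\x03\x04 constructed-sample-B", "invoice.zip")
```
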