[clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

[Groach]

On 29/12/2016 09:32, Reindl Harald wrote:
>
> Am 29.12.2016 um 10:21 schrieb Reindl Harald:
>>
>> state of the official sgnatures is that clamav don't catch many real
>> malware all over the time without sanesecurity 3rd party signatures and
>> the official
>
> given how much memory the instance with the officical signatures i am 
> going so far to say that i would love to be able to *completly* 
> exclude "daily.cld", "daily.cvd" and "main.cvd" and only update 
> "safebrowsing.cvd" and just keep the few sanesecurity signatures in 
> the clamd-instance which is allowed to reject directly via milter

I couldnt agree more. Clam sigs have *never* caught a single threat - in 
many cases many MANY months after the threat had been and gone (I have 
documented evidence if anyone cares to read it). The only thing Clam has 
ever done is 'catch' false positives (yes, I mean "ONLY") - so much so 
that I have been forced to turn off quarantine/action upon threat and 
put it in to REPORT MODE only.  If I could exclude the Clam default 
signatures and just continue to use Sane then I would and then I could 
turn back on quarantining to make our systems safe again.  The irony is 
that Sane has been tested and proven by me to be the best Zero hour 
threat detector and thats why I have chosen it (even against all the big 
commercial boys)  but its built on and uses the Clam engine - yet its 
the default Clam signatures that stop me keeping my system safe despite 
Sane doing its work properly. (Its like Sane being employed by the 
police and telling the police of the intruder but the police not doing 
anything about it because they would simploy go about arresting the 
intruder and even the innocent premises owners and general public.  
Answer: done tell the police and just write it down instead.)