[clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

Joel Esler (jesler) jesler at cisco.com
Thu Dec 29 13:14:20 UTC 2016


We are showing that all Toa signatures have been dropped.  Please run freshclam to drop the sigs.  

--
Sent from my iPhone

> On Dec 29, 2016, at 8:03 AM, Joel Esler (jesler) <jesler at cisco.com> wrote:
> 
> I'm not dismissing anything. (Except the notion that I am dismissing things).  I know one of our guys is monitoring the list during the holiday.  I'll ping him.  
> 
> --
> Sent from my iPhone
> 
>>> On Dec 29, 2016, at 7:07 AM, Groach <groachmail-stopspammingme at yahoo.com> wrote:
>>> 
>>>> On 29/12/2016 09:32, Reindl Harald wrote:
>>>> 
>>>> On 29.12.2016 at 10:21, Reindl Harald wrote:
>>>> 
>>>> state of the official signatures is that clamav don't catch many real
>>>> malware all over the time without sanesecurity 3rd party signatures and
>>>> the official
>>> 
>>> given how much memory the instance with the official signatures i am going so far to say that i would love to be able to *completely* exclude "daily.cld", "daily.cvd" and "main.cvd" and only update "safebrowsing.cvd" and just keep the few sanesecurity signatures in the clamd-instance which is allowed to reject directly via milter
>> 
>> I couldn't agree more. Clam sigs have *never* caught a single threat - in many cases many MANY months after the threat had been and gone (I have documented evidence if anyone cares to read it). The only thing Clam has ever done is 'catch' false positives (yes, I mean "ONLY") - so much so that I have been forced to turn off quarantine/action upon threat and put it into REPORT MODE only. If I could exclude the Clam default signatures and just continue to use Sane then I would and then I could turn back on quarantining to make our systems safe again. The irony is that Sane has been tested and proven by me to be the best Zero hour threat detector and that's why I have chosen it (even against all the big commercial boys) but it's built on and uses the Clam engine - yet it's the default Clam signatures that stop me keeping my system safe despite Sane doing its work properly. (It's like Sane being employed by the police and telling the police of the intruder but the police not doing anything about it because they would simply go about arresting the intruder and even the innocent premises owners and general public. Answer: don't tell the police and just write it down instead.)
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
