[clamav-users] javascript ZIP virus not caught?
Al Varnell
alvarnell at mac.com
Tue Mar 15 03:52:07 UTC 2016
I don’t have any answers, but you have raised my curiosity level. What exactly is the threat from these javascript files you are finding? In checking the over four million virus signatures provided in the official ClamAV database, I see there are only 440 labeled as “.js” based and 94% of those are in the main.cvd which means they are old. Of the 28 in daily.cvd, 22 are labeled as PUA (potentially unwanted applications) which normally indicate low/no threat. I’d have to conclude that either there have not been sufficient js file samples submitted which turn out to be threats or they are somehow low priority to the signature writers here.
Perhaps I’m just out-of-touch since I deal almost exclusively with Apple Mac threats, but as far as I know there are no e-mail javascript threats to OS X or it’s applications and about the worst we see via web browsers are fake ransomeware and tech-support pop-ups.
-Al-
On Mon, Mar 14, 2016 at 08:03 PM, Scott Galambos wrote:
>
> I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it still is not catching all these ZIP files with .js files inside them. Is clamav suppose to stop these?
>
> I constantly get these messages with .ZIP attachments that I would think clamav should stop. Am I expecting too much? missing something?=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160314/7c327f48/attachment.bin>
More information about the clamav-users
mailing list