[clamav-users] ClamAV+exim: scanner finds not a single malware

Joel Esler (jesler) jesler at cisco.com
Mon May 30 11:32:48 EDT 2016


Users are so trained to not open those now, they are defeated, plus conviction of the file is pretty easy generically.

The ones going around right now with the JavaScript inside of zip files are much more dynamic.

--
Joel Esler
iPhone

On May 30, 2016, at 11:17 AM, Groach <groachmail-stopspammingme at yahoo.com> wrote:

I'm quite surprised really.  It seems the logical thing to do to fool inbound mail AV scanners leaving onus on the naive/stupid (delete as applicable) end user.



On 30/05/2016 16:48, Joel Esler (jesler) wrote:
Haven't seen those in a couple years.   They were big in the late 90's.

--
Joel Esler
iPhone

On May 30, 2016, at 10:21 AM, Kris Deugau <kdeugau at vianet.ca> wrote:

Groach wrote:
As a side note:  is anyone surprised a virus hasn't been released,
embedded in a  'password protected' Zip file (to fool AV scans) with the
body of the email saying something like "to fight against viruses and
to protect you, it is password protected.  Your password is:  ABC123" ?
That is bound to fool some users, ain't it.  (Or has this already been
done and I haven't seen it)?

I've seen a couple of those, although none recently.  I don't recall if
I archived a copy for reference or not.

-kgd
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml