[clamav-users] Grizzly Steppe
Joel Esler (jesler)
jesler at cisco.com
Thu Jan 5 16:40:28 UTC 2017
AMP has far more coverage than ClamAV. As the coverage can be generated much more quickly and without a DB to download, it happens in real time.
As far as coverage for ClamAV, and Alain can correct me if I am wrong, I believe coverage has been pushed out.
--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
On Jan 4, 2017, at 6:52 PM, Eric Tykwinski <eric-list at truenet.com<mailto:eric-list at truenet.com>> wrote:
This was my concern about Cisco’s AMP product on ASA’s and NGIPS’s. I’m going to be beta testing stuff out shortly, but don’t have high hopes besides the Snort rules.
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
On Jan 4, 2017, at 6:23 PM, Reindl Harald <h.reindl at thelounge.net<mailto:h.reindl at thelounge.net>> wrote:
Am 04.01.2017 um 23:12 schrieb Al Varnell:
Can somebody with access to those samples run them against a virgin ClamAV signature database to answer the question? I'd be happy to if there are samples I can access.
official, virgin signatures don't and probably will never recognize recent malware and following this list you should know this already
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list