[clamav-users] Reporting malware/false negatives
Joel Esler (jesler)
jesler at cisco.com
Wed Mar 22 01:22:48 UTC 2017
Inline.
--
Sent from my iPhone
> On Mar 21, 2017, at 20:27, Alex <mysqlstudent at gmail.com> wrote:
>
> Hi, I reported an encrypted word macro virus this morning, and this
> evening it is still not detected by sanesecurity or clamav proper.
>
> How long does it typically take for a sample to be analyzed and a
> pattern to be created?
Generally speaking, a couple hours (sometimes 4, sometimes 8, depending on automation schedules). Because it was encrypted, it may be a bit more difficult, so I'll have to look into it. What is the sha256 hash of the file?
>
> What is the typical procedure going on behind the scenes? Is this a priority?
Most of what comes in via the website is taken care of automatically. The stuff that isn't taken care of automatically has to be looked at.
>
> I don't even bother reporting them to sophos, et al because it's
> sometimes days before they're added. I was expecting better from
> clamav...
Interesting, considering Sophos is not a free product.
>
> There's still no ticketing or follow-up mechanism with samples, so I
> have no way of indicating which sample I sent...
We are working on that.