[clamav-users] Macro virus missed...
Groach
groachmail-stopspammingme at yahoo.com
Fri Aug 31 07:15:51 UTC 2018
The one thing that we do know is that you shouldn't have expectations of
ClamAV to be effective for Zero Hour, or even Zero Day (or some could
argue more) effective and you really shouldn't expect such immediate
response or effectiveness. (They will have their reasons - team size,
technology, reliance on public etc). To give you a realistic idea - a
recent FP I had and reported (involving marking a shed load of PDFs
that go back several years long before the supposed threat was even
invented) took 4 days to be removed after being reported.

For more immediate effectiveness then, yes, you should be relying on
Sane (or others).

Any 24-hour released threats have (for my system) always been detected by
Sane (I rarely get Clam detecting anything as the threat has since been
detected by Sane and removed, or the threat is no longer prevalent, by
the time matching ClamAV sigs get released).

You asked about expectation and requirements to rely on Sane: I believe
the above is the answer giving a true reflection of the facts from my
experience.

On 31/08/2018 03:34, Alex wrote:
> Hi,
> I submitted a false-negative about six hours ago and it hasn't yet
> been detected and still seeing them being received. I don't want to
> post it here to further enable the scammers, but this is the
> virustotal entry:
>
> https://www.virustotal.com/#/file/ef65f07bf10746665d308e147a6a86329c169e1ac86e7e414ae5a809210775c1/detection
>
> A dozen other antivirus vendors are blocking them now - why not
> clamav? How does the process of adding new signatures work? Is there a
> staff of people working on this or something less?
>
> I realize it's free, and I'm not complaining - just want to know what
> I should expect. We've also contributed to Steve's effort at Sane, but
> should we be relying on him?
>
> Thanks,
> Alex