[clamav-users] Detecting Word docs with macros

Steve Basford steveb_clamav at sanesecurity.com
Mon Dec 10 13:50:42 EST 2018




On 10 December 2018 17:21:05 "G.W. Haywood" <clamav at jubileegroup.co.uk> wrote:

> Hi there,
>
> On Mon, 10 Dec 2018, Steve Basfordwrote:
>
>> ... MiscreantPunch099-Low.ldb for additional detection but can hit
>> scanning performance.
>
> Can you give any estimate (however rough) of the performance hit?

 Scanning a small file... With each database... Not hugely scientific... 
Just relative to each other...

badmacro.ndb: 937 ms

blurl.ndb: 1125 ms

bofhland_cracked_URL.ndb: 859 ms
bofhland_malware_attach.hdb: 859 ms
bofhland_malware_URL.ndb: 844 ms
bofhland_phishing_URL.ndb: 828 ms
crdfam.clamav.hdb: 844 ms
doppelstern.hdb: 844 ms
doppelstern.ndb: 844 ms
doppelstern-phishtank.ndb: 828 ms
foxhole_all.cdb: 844 ms
foxhole_all.ndb: 844 ms
foxhole_filename.cdb: 938 ms
foxhole_generic.cdb: 860 ms
foxhole_js.cdb: 828 ms
foxhole_js.ndb: 828 ms
foxhole_mail.cdb: 828 ms

junk.ndb: 1750 ms

jurlbl.ndb: 985 ms
jurlbla.ndb: 906 ms
lott.ndb: 859 ms
malware.expert.hdb: 828 ms
malware.expert.ldb: 860 ms
malware.expert.ndb: 859 ms
MiscreantPunch099-INFO-Low.ldb: 922 ms

MiscreantPunch099-Low.ldb: Possible Performance Issue: 10407 ms

phish.ndb: 4282 ms

phishtank.ndb: 1172 ms

porcupine.ndb: 922 ms
rogue.hdb: 859 ms

scam.ndb: 1156 ms

scamnailer.ndb: 3953 ms

shelter.ldb: 843 ms
spam.ldb: 844 ms
spamattach.hdb: 891 ms
spamimg.hdb: 844 ms

spear.ndb: 1532 ms

spearl.ndb: 828 ms
winnow.attachments.hdb: 829 ms
winnow.complex.patterns.ldb: 860 ms
winnow_bad_cw.hdb: 844 ms
winnow_extended_malware.hdb: 937 ms
winnow_extended_malware_links.ndb: 844 ms
winnow_malware.hdb: 828 ms
winnow_malware_links.ndb: 843 ms
winnow_phish_complete.ndb: 843 ms
winnow_phish_complete_url.ndb: 828 ms
winnow_spam_complete.ndb: 844 ms


Cheers,

Steve
Twitter: @sanesecurity
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181210/eb18404a/attachment.html>


More information about the clamav-users mailing list