[clamav-users] Are signatures for Windows only?

J.R. themadbeaker at gmail.com
Mon Mar 25 16:19:23 EDT 2019


> People have been doing that kind of thing for years, I'm not sure how
> much it's increasing.  Most of the time it seems to me they don't know
> why they're doing it nor even, if there is something in there to find,
> how likely it is that a ClamAV scan will find it.

I know people have been scanning their entire systems all these years.
I was referring to just casually observing recently more people
"posting on the mailing list" about when they do a full scan on their
system.

> Although we share files with Windows platforms we really
> only use ClamAV to scan mail.  I guess we're as untypical of a ClamAV
> user as you'll get.

I only use ClamAV to scan email on my Linux box. To me that seems like
the most common / typical use.

> Even so, ever since we took to rejecting
> mail based on things like geography it really is just the occasional
> catch.

Yep, other measures for me too have meant that ClamAV *might* get one
hit a day, which typically is a 3rd party phishing signature. I'm sure
if ClamAV didn't catch it the email would still have been flagged and
deleted as spam from other measures.

> It's a while since I looked at this, so I did a few 'grep's on 'daily':

You inspired me to take a look at the signature files, and using
sigtool to unpack them I browsed each of them (not really sure what
each file does) and indeed there are lots of signatures labeled Unix &
Multios and such. Looks like I might run a manual scan on the file
system and see what happens.

