[clamav-users] ClamAV to detect exploits for the Equation Editor vulnerability in DOC files
G.W. Haywood
clamav at jubileegroup.co.uk
Sat Jan 23 17:58:30 UTC 2021
Hello again,
On Sat, 23 Jan 2021, Chaminda Indrajith via clamav-users wrote:
> ... I have the evidence that Clamd finds threats, but it cannot
> detect some of the threats
As I said this is not unusual. From my experience I would say that of
all the threats that I see, ClamAV will typically detect a few tens %.
It's possible with some effort to 'tune' detection to your particular
mail profile but it's really a moving target. If you have something
like a repeat offender sending lots of malicious mail it's usually
easy to educate ClamAV to block it.
> I will share the complete messages that stored by MailScanner and I will
> share the FTP access details separately. ...
I will let you have a private email address to send the access details.
Do not worry if messages to the private address are rejected, filtering
of our mail is extremely unforgiving.
> How can I share the threats with ClamAV Team. Can I share the same FTP
> access details
The best ways are either to use the 'clamsubmit' utility or the Web
page which I mentioned in one of my earlier replies. The ClamAV team
will be unlikely to make effective use of your FTP server - it would
be too time-consuming for them to use a different method of collecting
samples from each and every ClamAV user.
> Thanks again for your great explanation and support.
I'm glad it's useful!
--
73,
Ged.
More information about the clamav-users
mailing list