[prev in list] [next in list] [prev in thread] [next in thread] 

List:       clamav-users
Subject:    Re: [clamav-users] missed virus
From:       TR Shaw <tshaw () oitc ! com>
Date:       2012-11-16 22:40:11
Message-ID: 8B0597CE-F1EC-477F-B462-EE32B2CD2A63 () oitc ! com
[Download RAW message or body]

Hi

winnow.attachments.hdb
winnow_bad_cw.hdb
winnow_malware_links.ndb

Also work to stop these

On Nov 15, 2012, at 4:55 PM, Steve Basford wrote:

> 
>> OK, I'm stumped as to why clamav-milter did not catch this virus. It was
>> from this address, being masked as from UPS:
>> 
>> 
>> File: Invoices-14-2012.htm"
>> 
> Hi Jamen,
> 
> I've been seeing these java/htm combos over the last few days and been
> adding detection to phish.ndb.
> 
> The other bad stuff coming in should be detected with:
> 
> phish.ndb, rogue.hdb and blurl.ndb
> 
> OITC's sigs are also recommended.
> 
> More details here:
> http://www.sanesecurity.com/clamav/databases.htm
> 
> 
> Cheers,
> 
> Steve
> Sanesecurity
> 
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
[prev in list] [next in list] [prev in thread] [next in thread]