[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: Re: [clamav-users] missed virus
From: TR Shaw <tshaw () oitc ! com>
Date: 2012-11-16 22:40:11
Message-ID: 8B0597CE-F1EC-477F-B462-EE32B2CD2A63 () oitc ! com
[Download RAW message or body]
Hi
winnow.attachments.hdb
winnow_bad_cw.hdb
winnow_malware_links.ndb
Also work to stop these
On Nov 15, 2012, at 4:55 PM, Steve Basford wrote:
>
>> OK, I'm stumped as to why clamav-milter did not catch this virus. It was
>> from this address, being masked as from UPS:
>>
>>
>> File: Invoices-14-2012.htm"
>>
> Hi Jamen,
>
> I've been seeing these java/htm combos over the last few days and been
> adding detection to phish.ndb.
>
> The other bad stuff coming in should be detected with:
>
> phish.ndb, rogue.hdb and blurl.ndb
>
> OITC's sigs are also recommended.
>
> More details here:
> http://www.sanesecurity.com/clamav/databases.htm
>
>
> Cheers,
>
> Steve
> Sanesecurity
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic