On 4/8/2014 8:12 PM, Carl Brewer wrote:
On 13/02/2014 8:48 PM, Sim wrote:
Hello!
In the last weeks/months the unrecognized virus are increasingly
exponentially
(not only for Clamav but for all antivirus).
My idea is "block" all EXE/SRC (also into ZIP/RAR).
Executing "clamscan --debug filename" I can see:
- LibClamAV debug: Recognized MS-EXE/DLL file
- Section contains executable code
Which is the best solution/way to block all EXE/executable files?
If it's on a mail server, why not use the MTA to block it?
We use the signature database Foxhole_all.
After a ransomware (Cryptolocker) outbreak unfortunately.
That covers most dangerous types inside ZIP, RAR.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
