The OP brought up several points, none of which were addressed.
1. Nevertheless, the detection rate of viruses, trojans, etc. is not very good.
Almost every time I submit a sample file on virustotal.com ClamAV can not detect
the virus or malware.
2. Up to now, I never got a notification, although "Notify me" was checked.
3. Why shall we not post more than two sample files per day ?
4. What can we do to improve the detection rate of ClamAV ?
Let's start the conversation.
dp
On 6/23/14, 9:42 AM, Alain Zidouemba wrote:
Walter,
We received your sample for the first time today and will be analyzing it
for coverage in the ClamAV signature set. Thanks for your submission.
If you are planning to submit a large number of samples on a regular basis,
please contact me off-list.
- Alain
On Mon, Jun 23, 2014 at 11:47 AM, Walter Bürger <walter.buer...@arscons.de>
wrote:
Hi dear ClamAV team,
ClamAV is a good software and it runs very stable
on my servers for years!
Many thanks for ClamAV and for your efforts making it
such a stable software!
Nevertheless, the detection rate of viruses, trojans, etc.
is not very good.
Almost every time I submit a sample file on virustotal.com
ClamAV can not detect the virus or malware.
This morning I submitted the file Rechnung_23_14_06_
198630274520031_telekom_deutschland_GmbH.exe
(MD5 ad690be247dda635781e20887fcac0e7)
on virustotal.com.
4 out of 54 scanners detected a virus
(NOD32 named it Win32/Kryptik.CFAE)
but ClamAV did not detect it.
About 4 hours later I checked again and
12 out of 54 scanners detected a virus in this file
but ClamAV did not detect it.
Of course I submitted this sample file on
http://www.clamav.net/lang/en/sendvirus/submit-malware/
too.
Up to now, I never got a notification, although "Notify me" was checked.
A few minutes ago on one of my mailservers:
clamdscan Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe
Rechnung_23_14_06_198630274520031_telekom_deutschland_GmbH.exe: OK
Why shall we not post more than two sample files per day ?
I think you would get many more sample files and hence a better detection
rate.
While submitting my sample file to
http://www.clamav.net/lang/en/sendvirus/submit-malware/
"Share this sample with other AV vendors" was checked.
Do other AV vendors share their samples with ClamAV ?
What can we do to improve the detection rate of ClamAV ?
Best regards,
Walter.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
