ClamAV does provide for heuristic detection and its normal ruleset includes heuristic rule as does the UNOFFICIAL feeds.It meets the mail for NIST as well as DCID (and its followon regs)
Tom > On Jan 29, 2016, at 7:01 AM, Brad Scalio <sca...@gmail.com> wrote: > > Can anyone answer the mail on this control enhancement in NIST 800-53 (Rev. > 4) and if Clam AV has this in 0.99 release and if not, if anyone has any > fodder or websites that can explain this more ... again many thanks and if > this isn't the correct listserver to use for this many apologies. > > SI-3(7) > MALICIOUS CODE PROTECTION | NONSIGNATURE-BASED DETECTIONThe information > system implements nonsignature-based malicious code detection mechanisms. > Supplemental Guidance: Nonsignature-based detection mechanisms include, for > example, the use of heuristics to detect, analyze, and describe the > characteristics or behavior of malicious code and to provide safeguards > against malicious code for which signatures do not yet exist or for which > existing signatures may not be effective. This includes polymorphic > malicious code (i.e., code that changes signatures when it replicates). > This control enhancement does not preclude the use of signature-based > detection mechanisms. > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
