AMP has far more coverage than ClamAV. As the coverage can be generated much more quickly and without a DB to download, it happens in real time.
As far as coverage for ClamAV, and Alain can correct me if I am wrong, I believe coverage has been pushed out.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Jan 4, 2017, at 6:52 PM, Eric Tykwinski <eric-l...@truenet.com> wrote:

This was my concern about Cisco’s AMP product on ASA’s and NGIPS’s. I’m going to be beta testing stuff out shortly, but don’t have high hopes besides the Snort rules.

Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

On Jan 4, 2017, at 6:23 PM, Reindl Harald <h.rei...@thelounge.net> wrote:

On 04.01.2017 at 23:12, Al Varnell wrote:

Can somebody with access to those samples run them against a virgin ClamAV signature database to answer the question? I'd be happy to if there are samples I can access.

official, virgin signatures don't and probably will never recognize recent malware and following this list you should know this already

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml