Hi,
Thanks for writing back.
Will have a look at the documentation and at the archive.
Greetings,
Simon
Am 22.04.2020 um 01:48 schrieb G.W. Haywood via clamav-users:
Hi there,
On Wed, 22 Apr 2020, Simon Eigeldinger wrote:
I plan to set up some ClamAV instances on Windows Servers to scan some
office documents and other files.
If I were going to scan files for Windows malware, I wouldn't use a
Windows box to scan them - but that's up to you.
So helping the other scanner which is already installed and to see
if it is missing a virus.
I'd expect you'd have more luck if you used the other scanner to see
what was missed by ClamAV.
I have just some stupid questions :-) :
They're not stupid, but they do really only scratch the surface.
Which signatures to use?
The default ones that come with the example config?
Any that you can get hold of. There are a lot of them about. The
Sansecurity signatures get a good press but I use them to fight spam
rather than protect against malware. I personally think that if you
can find malware on a machine, it's already too late to be looking.
Any config i should take a look at?
There's a lot of documentation, you should read it.
As far as i have seen ClamAV isn't scanning the whole file just a
part of it. Do viruses sit at a special point of a file or do
traces of them exist at special spots?
It's not really like that. Drink deep, or taste not...
ClamAV needs to know something about the different types of files, so
it can do a better job of scanning, and there's an upper limit to the
amount of data that ClamAV will scan in any event. There have been
discussions about it on this list, please spend some quality time with
the archives.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
