Hi there,

On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:

> In log find (snipped)

Full marks for reading your logs. :)

> ". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
>
> and
>
> ". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
>
> I love the first one but loathe the second one.

That's your prerogative, of course, but both are generic threat
descriptions which are applied to a number of potential threats.
I don't see why anyone would like one and dislike the other, but
then I don't get sentimental about the descriptions of signatures.

> Is there some secret sauce to allow discriminating between them?

I don't think I understand the question.

There are two distinct names for two different classes of threat.
What exactly are you looking for that isn't provided by the names?
Do you mean distinguishing between individual examples of the type
of threat?  Perhaps you should be looking at your log verbosity, or
perhaps something which analyzes suspect data more thoroughly.  Are
these logs the result of scanning filesystems, scanning mail, or...?

I see very few examples of this sort of thing, maybe that's because I
only use ClamAV to scan mail, and I drop large numbers of connections
before the client even says 'EHLO'.

--

73,
Ged.

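The reply above points out that both names are generic classes and that telling individual hits apart is a matter of what the logs carry. The following is an added example, not part of this thread or of ClamAV, of the sort of log triage a mail admin might run: it pulls the signature name out of each detection line, splits it into a family (the first two dotted components, a convention chosen here, not a ClamAV one) and flags the Heuristics.* hits so they can be reviewed separately from named-malware hits. The log lines are constructed for the example, modelled on the two line shapes clamav-milter ("infected by ...") and clamd/clamscan ("<path>: <signature> FOUND") produce.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log lines (not taken from the thread). They imitate the
# clamav-milter style ("infected by <sig>") and the clamd/clamscan style
# ("<path>: <sig> FOUND"), plus one non-detection line that must be ignored.
SAMPLE_LOG = """\
Tue Mar 23 09:12:41 2021 -> Message from <alice@example.test> infected by Heuristics.OLE2.ContainsMacros.VBA
Tue Mar 23 09:13:02 2021 -> Message from <bob@example.test> infected by Heuristics.Phishing.Email.SpoofedDomain
Tue Mar 23 09:15:10 2021 -> /var/spool/mail/tmp/qfXYZ: Heuristics.OLE2.ContainsMacros.VBA FOUND
Tue Mar 23 09:16:55 2021 -> /var/spool/mail/tmp/qfABC: Win.Trojan.Agent-1234567-0 FOUND
Tue Mar 23 09:17:30 2021 -> SelfCheck: Database status OK.
"""

# A signature name follows either "infected by " or ": " and is terminated by
# " FOUND" or the end of the line. Signature names never contain spaces.
SIG_RE = re.compile(
    r"(?:infected by |: )(?P<sig>[A-Za-z0-9][A-Za-z0-9_.:-]*)(?= FOUND|$)"
)


@dataclass(frozen=True)
class Detection:
    timestamp: str
    signature: str
    family: str      # first two dotted components, e.g. "Heuristics.OLE2"
    heuristic: bool  # True for Heuristics.* names, which describe a class, not a sample


def parse_signature(line: str) -> Optional[str]:
    """Return the signature name on a detection line, or None for other lines."""
    m = SIG_RE.search(line)
    return m.group("sig") if m else None


def signature_family(sig: str) -> str:
    """Family = first two dotted components ("Heuristics.Phishing", "Win.Trojan")."""
    return ".".join(sig.split(".")[:2])


def parse_line(line: str) -> Optional[Detection]:
    sig = parse_signature(line)
    if sig is None:
        return None
    # clamd-style lines carry "<timestamp> -> <message>"; keep the timestamp if present
    timestamp = line.split(" -> ", 1)[0] if " -> " in line else ""
    return Detection(timestamp, sig, signature_family(sig), sig.startswith("Heuristics."))


def parse_log(text: str) -> List[Detection]:
    """All detections in a log, in order; non-detection lines are dropped."""
    return [d for d in (parse_line(l) for l in text.splitlines()) if d is not None]


def summarize(text: str) -> Counter:
    """Hit count per signature family; lets you see which generic class dominates."""
    return Counter(d.family for d in parse_log(text))


def heuristic_hits(text: str) -> List[Detection]:
    """Only the Heuristics.* detections: these are the ones that need a closer look
    (e.g. higher log verbosity or a second analysis pass) to tell samples apart."""
    return [d for d in parse_log(text) if d.heuristic]


if __name__ == "__main__":
    for family, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {family}")
    for d in heuristic_hits(SAMPLE_LOG):
        print(d.timestamp, d.signature)
```

Run it as-is to see the per-family counts; feed it a real clamd or milter log on stdin instead of SAMPLE_LOG once the two regex prefixes match your own log shape.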
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml