Hi there,

On Thu, 10 Feb 2022, Matus UHLAR - fantomas wrote:

...
I think most of it comes from securiteinfo.com feed, which I have subscribed into. I have this machine for personal use.

it seems their signatures are the most commonly caught:

% zgrep -Fih FOUND `ls -1tr clamav.log*` | awk ...
    84 SecuriteInfo
    62 Porcupine
    32 Sanesecurity

That's a bit odd.  You seem to be getting roughly twice the hits from
Porcupine that you get from Sanesecurity, and over here it's the other
way around although the difference is smaller.  We see about 50%-60%
more from Sanesecurity than from Porcupine, 85 and 55 respectively to
date in February.  In fact my Yara rules catch many more than that, I
wonder if they catch more of what Porcupine would have caught and your
SecuriteInfo sigs catch more of what Sanesecurity would have caught.

I've looked into telling ClamAV to report all the matches it can find
instead of just the first, but actually doing that hasn't yet reached
the top of this 'in' tray.  I'll stop.  A fellow could go nuts.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
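The per-source hit count quoted above elides its awk stage. The script below is an added example, not code from either poster or from the ClamAV project: it runs the same kind of count over constructed log lines (the paths and signature names are invented) in both the clamd "timestamp -> path: SIG FOUND" form and the bare clamscan "path: SIG FOUND" form, keying on the first dot-separated component of the signature name so that "SecuriteInfo.com.X" is tallied under SecuriteInfo. The function names count_hits_by_source and hits_for_source are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): count ClamAV "FOUND" hits per
# signature source, with the awk stage written out.

# Constructed sample log lines; paths and signature names are invented.
# The SelfCheck and "OK" lines are there to show non-FOUND lines are skipped.
SAMPLE_LOG=$(cat <<'EOF'
Thu Feb 10 09:01:12 2022 -> /var/spool/mail/a: SecuriteInfo.com.Trojan.Agent-123.UNOFFICIAL FOUND
Thu Feb 10 09:02:40 2022 -> /var/spool/mail/b: Porcupine.Junk.45678.UNOFFICIAL FOUND
Thu Feb 10 09:03:05 2022 -> /var/spool/mail/c: Sanesecurity.Malware.28.UNOFFICIAL FOUND
Thu Feb 10 09:03:05 2022 -> /var/spool/mail/c: Sanesecurity.Foxhole.Zip_fs.UNOFFICIAL FOUND
Thu Feb 10 09:04:30 2022 -> /var/spool/mail/d: SecuriteInfo.com.Win.Trojan.Generic-9.UNOFFICIAL FOUND
/tmp/e: SecuriteInfo.com.Exploit.Doc-1.UNOFFICIAL FOUND
/tmp/f: Porcupine.Phishing.91011.UNOFFICIAL FOUND
/tmp/g: Win.Test.EICAR_HDB-1 FOUND
/tmp/h: OK
Thu Feb 10 09:09:00 2022 -> SelfCheck: Database status OK.
EOF
)

# Reads log text on stdin and prints "count source" lines, most common first.
# Only lines whose last field is FOUND are counted; the signature name is the
# field just before it, and the source is its first dot-separated component.
# On real logs: zgrep -Fh FOUND clamav.log* | count_hits_by_source
count_hits_by_source() {
    grep -F 'FOUND' |
    awk '$NF == "FOUND" { split($(NF-1), parts, "[.]"); n[parts[1]]++ }
         END { for (s in n) print n[s], s }' |
    sort -rn
}

# Count for one named source in the sample log; prints 0 when absent.
hits_for_source() {
    _src=$1
    _n=$(printf '%s\n' "$SAMPLE_LOG" | count_hits_by_source |
         awk -v s="$_src" '$2 == s { print $1 }')
    printf '%s\n' "${_n:-0}"
}

printf '%s\n' "$SAMPLE_LOG" | count_hits_by_source
```

One caveat when comparing such totals across hosts: by default a scan stops at the first matching signature, so which source "wins" depends on signature order, not on which sources would have matched. With clamscan's --allmatch (-z) every matching signature is reported, and then a single file can count toward several sources, so the per-source totals no longer add up to the number of infected files.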