Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Gene Heskett
On Monday 23 May 2016 14:15:44 C.D. Cochrane wrote: > > Obviously going to disagree. We are pushing almost a thousand pieces > > of detection every four hours now, and that will only increase from > > here. > > 1,000,000 unique submissions per day vs. 6000 "pieces of detection" > per day. If

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Groach
On 23/05/2016 21:21, Joel Esler wrote: On Mon, May 23, 2016 at 08:56:57PM +0200, Groach wrote: On 23/05/2016 20:39, Dave McMurtrie wrote: On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote: ClamAV is fast, free, easy to integrate with just about any MTA and it's actively developed. We've

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Joel Esler
On Mon, May 23, 2016 at 08:56:57PM +0200, Groach wrote: On 23/05/2016 20:39, Dave McMurtrie wrote: On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote: ClamAV is fast, free, easy to integrate with just about any MTA and it's actively developed. We've been running it for years, along with

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Joel Esler
On Mon, May 23, 2016 at 06:39:41PM +, Dave McMurtrie wrote: On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote: >> My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem. >> I'm pretty sure the current generation of Locky,

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Dave McMurtrie
On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote: > >> My 2 cents would be that rapid traditional signature updates are not a > >> viable solution to this long term problem. > >> I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. > >> ransomware is generated using

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Joel Esler (jesler)
Every AV is losing. That’s why we’re working on alternative things at the same time. -- Joel Esler Manager, Talos Group On May 23, 2016, at 2:15 PM, C.D. Cochrane wrote: Obviously going to disagree. We are pushing almost a thousand pieces of

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread C.D. Cochrane
> > Obviously going to disagree. We are pushing almost a thousand pieces of > detection > every four hours now, and that will only increase from here. > 1,000,000 unique submissions per day vs. 6000 "pieces of detection" per day. If that is "apples" to "apples" then I'd have to say ClamAV is

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Joel Esler (jesler)
-- Joel Esler Manager, Talos Group On May 23, 2016, at 1:52 PM, C.D. Cochrane wrote: My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem. I'm pretty sure the current generation of Locky,

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread C.D. Cochrane
>> My 2 cents would be that rapid traditional signature updates are not a >> viable solution to this long term problem. >> I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. >> ransomware is generated using millions >> of tiny mutations so that almost every email attachment

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Dennis Peterson
Everything about ClamAV is open source and free. Including the signatures. There is nothing stopping any of us from filling the gaps in signatures. dp On 5/23/16 9:45 AM, Groach wrote: On 23/05/2016 14:44, C.D. Cochrane wrote: Hi Michael, I made a similar inquiry last week (Signature update

[clamav-users] incoming, it passes, scanned up to 24 hours later, its detected

2016-05-23 Thread Gene Heskett
Greetings all; What can I reconfigure in this procmail recipe, to make it detect stuff as it's incoming, that are detected by a clamscand run while it's sitting in my spam holding directories? VERBOSE=YES # Scan for viruses :0 VIRUS=|clamdscan --stdout - :0w * VIRUS ?? ^.*:

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Michael D. L.
On 05/23/2016 03:52 PM, Steve Basford wrote: Excellent - just installed it, and it's already working its magic :) The views and opinions expressed by Michael in the above post that Sanesecurity possesses magic, are solely his own and do not necessarily represent the views of the ministry of

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Steve Basford
On Mon, May 23, 2016 2:33 pm, Michael D. L. wrote: > > > On 05/23/2016 02:44 PM, C.D. Cochrane wrote: > >> Hi Michael and Michael, >> You may want to look at sanesecurity[.]org. They have a supplemental >> ClamAV database that >> is supposed to be better at detecting the current scourge of

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Michael D. L.
On 05/23/2016 02:44 PM, C.D. Cochrane wrote: Hi Michael and Michael, You may want to look at sanesecurity[.]org. They have a supplemental ClamAV database that is supposed to be better at detecting the current scourge of ransomware and malware. It was recommended to me when I noted that

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Arnaud Jacques / SecuriteInfo.com
Hello, On Monday 23 May 2016, 14:44:33 C.D. Cochrane wrote: > Hi Michael and Michael, > You may want to look at sanesecurity[.]org. They have a supplemental ClamAV > database that is supposed to be better at detecting the current scourge of > ransomware and malware. You can check this too:

Re: [clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Michael D. L.
On 05/23/2016 01:43 PM, Michael Heseltine wrote: Hello all, I have recently modified my exim (4.82) configuration so that all messages pass through clamav (0.99.2) first. Anything labeled as malware should be rejected while the incoming SMTP connection is still open (using an

[clamav-users] ClamAV+exim: scanner finds not a single malware

2016-05-23 Thread Michael Heseltine
Hello all, I have recently modified my exim (4.82) configuration so that all messages pass through clamav (0.99.2) first. Anything labeled as malware should be rejected while the incoming SMTP connection is still open (using an *acl_smtp_data* in exim). But so far, this setup has not

Re: [clamav-users] Clam & safe browsing question/problem

2016-05-23 Thread Dennis Peterson
On 5/22/16 11:24 PM, Al Varnell wrote: On Sun, May 22, 2016 at 11:11 PM, Dennis Peterson wrote: On 5/22/16 11:03 PM, Al Varnell wrote: Perhaps this has something to do with it? We will know if v4 works when google.com

Re: [clamav-users] Clam & safe browsing question/problem

2016-05-23 Thread Al Varnell
On Sun, May 22, 2016 at 11:11 PM, Dennis Peterson wrote: > > On 5/22/16 11:03 PM, Al Varnell wrote: >> Perhaps this has something to do with it? >> >> >> > We will know if v4 works when google.com is listed as an unsafe

Re: [clamav-users] Clam & safe browsing question/problem

2016-05-23 Thread Dennis Peterson
On 5/22/16 11:03 PM, Al Varnell wrote: Perhaps this has something to do with it? -Al- We will know if v4 works when google.com is listed as an unsafe link. OT and all that. Move on - nothing to see here. dp

Re: [clamav-users] Clam & safe browsing question/problem

2016-05-23 Thread Al Varnell
Perhaps this has something to do with it? -Al- On Sun, May 22, 2016 at 05:56 PM, Joel Esler (jesler) wrote: > > This is something the team is actively working on. Please stay tuned. > > > -- > Joel Esler > Manager,