I guess the first question is are you using official only signatures or do
you use 3rd party ones... if so could you do a database list.
Next, are you scanning files which are getting fps or are these files
grabbed via http or proxy?
Could you post sig names, filenames and hashes of a few of these.
ClamAV official fps can be reported here:
https://www.clamav.net/reports/fp
3rd party ones here:
http://sanesecurity.com/support/false-positives
Cheers,
Steve
Twitter: @sanesecurity
On 2 October 2016 02:20:51 Tsutomu Oyamada <oyam...@promark-inc.com> wrote:
Hi,
We like to know the Malware Detection Rate of ClamAV.
We are finding "False positive" as ClamAV scanning result in our developing
environment.
It is very rare or allmost nothing for us to find "false positive" from
other vendors AV products
such as Sophos or Symantec in the same environment.
Is there a possibility of unsuitable configuration of our product?
( e.g. to set heuristic level higher or lower)
We know well that no AV program can get zero (0) percent of false positive,
however
we like to have lower frequency of false positive as well as higher
detection rate.
Bestregards,
Promark
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml