On 10 December 2018 17:21:05 "G.W. Haywood" wrote:
Hi there,
On Mon, 10 Dec 2018, Steve Basfordwrote:
... MiscreantPunch099-Low.ldb for additional detection but can hit
scanning performance.
Can you give any estimate (however rough) of the performance hit?
Scanning a small file... Wit
Hi there,
On Mon, 10 Dec 2018, Steve Basfordwrote:
... MiscreantPunch099-Low.ldb for additional detection but can hit
scanning performance.
Can you give any estimate (however rough) of the performance hit?
--
73,
Ged.
___
clamav-users mailing list
Steve.
> Sanesecurity badmacro.ndb and phish.ndb and rogue.hdb will pretty much
> cover a lot of those... MiscreantPunch099-Low.ldb for additional detection
> but can hit scanning performance.
>
> ClamAV settings in clamd.conf can also be tweaked to block documents with
> macro and or passwords.
On Mon, December 10, 2018 2:58 pm, Eric Tykwinski wrote:
> Default clam sigs obviously are not catching these, but wondering if
> anyone has them included in a third party that rather FP friendly.
>
> I also just tested a yara from here, and it seems to work, but not
> certain about FPs from it e
Default clam sigs obviously are not catching these, but wondering if anyone
has them included in a third party that rather FP friendly.
I also just tested a yara from here, and it seems to work, but not certain
about FPs from it either.
https://blog.rootshell.be/2015/01/08/searching-for-microsoft