Hello.
I am just curious, since I am using SaneSecurity
signatures too.
According to: http://sanesecurity.com/usage/signatures/
some of the lists you mentioned have been classified
with 'medium' to 'high' risk of false positives:
foxhole_*
spear / spearl
Did you not get into trouble with those ones?
Regards,
Matteo
On 19.02.2015 15:46, Reindl Harald wrote:
> On 19.02.2015 at 15:43, David F. Skoll wrote:
>> On Thu, 19 Feb 2015 09:34:28 -0500
>> Alex Regan <mysqlstud...@gmail.com> wrote:
>>> [David Skoll]
>>>> spreadsheet with a macro virus in it. ClamAV is essentially
>>>> useless at detecting viruses, so it's a real problem... any ideas?
>>> Useless? Are you using the third-party patterns?
>> No, because when I tried some of them, there was an unacceptably
>> high number of FPs. I tried tweaking various sets of Sane Security
>> signatures and they didn't work well for me.
> looks like you are using the wrong ones
> no problems with these ones
> blurl.ndb
> bofhland_cracked_URL.ndb
> bofhland_malware_attach.hdb
> bofhland_malware_URL.ndb
> bofhland_phishing_URL.ndb
> crdfam.clamav.hdb
> foxhole_all.cdb
> foxhole_filename.cdb
> foxhole_generic.cdb
> malwarehash.hsb
> phish.ndb
> phishtank.ndb
> rogue.hdb
> sanesecurity.ftm
> scamnailer.ndb
> scam.ndb
> sigwhitelist.ign2
> spearl.ndb
> spear.ndb
> winnow.attachments.hdb
> winnow_bad_cw.hdb
> winnow_extended_malware.hdb
> winnow_malware.hdb
> winnow_malware_links.ndb
> winnow_phish_complete_url.ndb
> winnow_spam_complete.ndb