Matus UHLAR - fantomas wrote: > Hello, > > Some our customers are ocasionally having problems with their (or other) > webpages containing malicious javascript (containing or downloading trojans > etc). > > We are currently scanning files uploaded via FTP by clamav (using mod_clamav > for ProFTPD). > > We are also planning to integrate virus scanner to out proxy server (squid) > so the malware would not get to our clients even from other websites. > > However, clamav currently does NOT detecty such malicious code. Therefore I > would like to ask if I should just submit such code or is there anything > other that must be done to be able to detect malicious javascript? > > Also, is there a possibility for (optional) curing such files? > (The malicious code was a few times only appended by the malware, so its > removing should not make any harm, especially on proxy) > > I can provide some examples if you need... > Instead of clamav, I would recommend squidGuard and some blacklist lists there. It's more suited to this task than clamAV. ClamAV probably still won't find the malicious javascript and squidGuard using some of the malicious site blacklists will do a better job.
Lyle Giese LCR Computer Services, Inc. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
