On Wed, October 14, 2015 7:23 am, Hartmann, Jan wrote:
> Hi,
> Today we had a lot of problems with exe files hidden in zip archives
>
> I tried to add the foxholedb to our clamav, but sadly it didn't
> recognize the exe in the zip.
>
> clamscan --database=/var/lib/clamav/foxhole_generic.cdb fatuousness\ paging\ policy\ work\ regulations.zip
> fatuousness paging policy work regulations.zip: OK

Hi Jan,

foxhole_all.cdb will block all exe's in Zip files etc. It will block more malware but there is obviously an increased risk of False Positives.

foxhole_generic.cdb mainly deals with double-extension or hidden filename malware.

foxhole_filename.cdb contains known filenames containing malware.

I'm guessing that your zip file only has a single filename exe?

What does this show:

unzip -l "fatuousness paging policy work regulations.zip"

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
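
Added example (not part of the original thread and not Sanesecurity's code): a small triage script that lists a zip's members and separates plain single-extension executables, which per the reply above only foxhole_all.cdb would block, from double-extension or padded names, the pattern foxhole_generic.cdb mainly deals with. The extension lists, the padding threshold and the sample archive are assumptions constructed for illustration; the real databases define their own rules.

```python
import io
import re
import zipfile

# Assumed extension lists for illustration; the foxhole databases define their own.
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "zip"}
# Long run of spaces/underscores used to push the real extension out of view (assumed threshold).
PADDING = re.compile(r"[ _]{5,}")


def classify(name):
    """Return 'clean', 'plain-exec' or 'hidden-exec' for one archive member name."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXEC_EXT:
        return "clean"
    stem = ".".join(parts[:-1])
    if (len(parts) > 2 and parts[-2].strip() in DECOY_EXT) or PADDING.search(stem):
        return "hidden-exec"   # double extension or padded name
    return "plain-exec"        # single executable extension, nothing disguised


def triage(zip_bytes):
    """Map each member of a zip (given as bytes) to its classification."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: classify(info.filename) for info in zf.infolist()}


def build_sample(names):
    """Build a constructed in-memory zip with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed member names, not taken from the archive discussed in the thread.
    sample = build_sample(["work regulations.exe", "invoice.pdf.exe", "notes.txt"])
    for member, verdict in triage(sample).items():
        print(f"{verdict:12} {member}")
```

An archive whose only hit is "plain-exec" matches the "single filename exe" case guessed at in the reply, which would explain a clean result from foxhole_generic.cdb alone.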
