On Wed, October 14, 2015 7:37 am, Rajesh M wrote: > > Sanesecurity.Foxhole.7z:CL_TYPE_7Z > Sanesecurity.Foxhole.Rar:CL_TYPE_RAR etc..
Hi rajesh, Yep, the above will work... but could cause high FP's for some people which they might find unacceptable, depending on their setup. If anyone has a nice malware zip/7z/rar etc. collection it might be nice to create a "database" of their "common" bad filenames, which I can add into foxhole_filename.cdb. I've made start on the above and will shortly be adding thise into foxhole_filename.cdb Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
