steve

i am writing this on the basis of the experience of over 18500 corporate users 
-- and they have no complaints at all.

basically people sending all these different file exe, jar and other forbidden 
extensions directly or within zip rar etc are 99.999 percent spammers / botnet

the only people who mentioned the issue are software developers who happened to 
send exe or jar etc with their emails.

however once i explained to them and provided them ftp accounts for 
transmitting such files they were happy.

also genuine senders are intimated correctly that their email has not been sent 
so there is no loss of communications.

the internet is getting to be an extremely dangerous place -- and i have seen 
several incidences of people opening these exe or scr files within zip files 
and having their entire pc locked up / companies losing millions because their 
employees' pcs were hacked.

antivirus is only as good as the signature -- many many many many times clam 
fails -- even now word / excel macro virus documents are not detected.

badfile names --- very very difficult to keep updating those.

i would rather block the root cause (though a few people may complain) than 
have the pcs of a huge number of people at risk.

rajesh


----- Original Message -----
From: Steve Basford [mailto:steveb_cla...@sanesecurity.com]
To: clamav-users@lists.clamav.net
Sent: Wed, 14 Oct 2015 08:19:32 +0100
Subject: Re: [clamav-users] Trouble with foxhole


On Wed, October 14, 2015 7:37 am, Rajesh M wrote:
>
> Sanesecurity.Foxhole.7z:CL_TYPE_7Z
> Sanesecurity.Foxhole.Rar:CL_TYPE_RAR
etc..

Hi rajesh,

Yep, the above will work... but could cause high FP's for some people
which they might find unacceptable, depending on their setup.

If anyone has a nice malware zip/7z/rar etc. collection it might be nice
to create a "database" of their "common" bad filenames, which I can add
into foxhole_filename.cdb.

I've made a start on the above and will shortly be adding these into
foxhole_filename.cdb

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
