I don’t have any answers, but you have raised my curiosity level. What exactly is the threat from these javascript files you are finding? In checking the over four million virus signatures provided in the official ClamAV database, I see there are only 440 labeled as “.js” based and 94% of those are in the main.cvd which means they are old. Of the 28 in daily.cvd, 22 are labeled as PUA (potentially unwanted applications) which normally indicate low/no threat. I’d have to conclude that either there have not been sufficient js file samples submitted which turn out to be threats or they are somehow low priority to the signature writers here.
Perhaps I’m just out-of-touch since I deal almost exclusively with Apple Mac threats, but as far as I know there are no e-mail javascript threats to OS X or it’s applications and about the worst we see via web browsers are fake ransomeware and tech-support pop-ups. -Al- On Mon, Mar 14, 2016 at 08:03 PM, Scott Galambos wrote: > > I've upgraded to the latest Clamav 0.99.1 on Linux/Sendmail and it still is > not catching all these ZIP files with .js files inside them. Is clamav > suppose to stop these? > > I constantly get these messages with .ZIP attachments that I would think > clamav should stop. Am I expecting too much? missing something?=
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
