My most effective blocks are tcpwrappers and DNS-based IP blacklists and URI
blacklists. Low returns on effort go to pattern matching regular expressions in
message bodies. It isn't possible to measure the effectiveness of ipset
blocklists when using NNN.0.0.0/8 IP blocks but there are a lot of them in my
firewall and hosts.deny files.
dp
On 12/6/18 12:27 AM, Al Varnell wrote:
Frankly, I'm surprised that ClamAV finds any such URL's. They are way to
dynamic (blacklisted one day and removed the next). ClamAV does malware
detection over the long haul and trying to keep up with fraudulent web sites
would be a full time job and better done by other means (e.g. Google Safe
Browsing).
-Al-
On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote:
Hello Team,
We are using clamav-0.100.2 to scan few HTML email templates.
Sometimes, there are deceptive URL's mentioned in those templates and that
template should be detected as infected via ClamAV scan process.
I can see weird output of ClamAV scan process. Sometimes it detect such
templates as infected and sometimes, it does not detect them as infected. And
the URL's i am talking about, are so deceptive that even Google chrome
browser don't let us open these URL's and show us clear warning as
"Dangerous" about deceptive website.
Can you put your views behind such unpredictable behavior ?
If you want then i can report such URL's on your malware link for reporting.
Regards
Sunny
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
