Re: [clamav-users] Scanning files with ClamAV on Windows
Hi, Thanks for writing back. Will have a look at the documentation and at the archive. Greetings, Simon Am 22.04.2020 um 01:48 schrieb G.W. Haywood via clamav-users: Hi there, On Wed, 22 Apr 2020, Simon Eigeldinger wrote: I plan to set up some ClamAV instances on Windows Servers to scan some office documents and other files. If I were going to scan files for Windows malware, I wouldn't use a Windows box to scan them - but that's up to you. So helping the other scanner which is already installed and to see if it is missing a virus. I'd expect you'd have more luck if you used the other scanner to see what was missed by ClamAV. I have just some stupid questions :-) : They're not stupid, but they do really only scratch the surface. Which signatures to use? The default ones that come with the example config? Any that you can get hold of. There are a lot of them about. The Sansecurity signatures get a good press but I use them to fight spam rather than protect against malware. I personally think that if you can find malware on a machine, it's already too late to be looking. Any config i should take a look at? There's a lot of documentation, you should read it. As far as i have seen ClamAV isn't scanning the whole file just a part of it. Do viruses sit at a special point of a file or do traces of them exist at special spots? It's not really like that. Drink deep, or taste not... ClamAV needs to know something about the different types of files, so it can do a better job of scanning, and there's an upper limit to the amount of data that ClamAV will scan in any event. There have been discussions about it on this list, please spend some quality time with the archives. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Scanning files with ClamAV on Windows
Hello, Which signatures to use? The default ones that come with the example config? Any that you can get hold of. There are a lot of them about. The Sansecurity signatures get a good press but I use them to fight spam rather than protect against malware. I personally think that if you can find malware on a machine, it's already too late to be looking. According to https://www.securiteinfo.com/attaques/hacking/stats_malwares_internet.shtml (updated daily), ClamAV official detects 10% of daily malwares, SaneSecurity detects 10% of daily malwares, SecuriteInfo.com detects 93% of daily malwares. SaneSecurity is very good and very reliable to detect spams, or malware in mail flow (exe in zip, js in zip ...). But SecuriteInfo.com is the best to detect malware files. I personnaly recommand SecuriteInfo.com signatures for malware hunting: https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.44.39.76.46 E-mail : a...@securiteinfo.com Site web : https://www.securiteinfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Scanning files with ClamAV on Windows
Hi there, On Wed, 22 Apr 2020, Simon Eigeldinger wrote: I plan to set up some ClamAV instances on Windows Servers to scan some office documents and other files. If I were going to scan files for Windows malware, I wouldn't use a Windows box to scan them - but that's up to you. So helping the other scanner which is already installed and to see if it is missing a virus. I'd expect you'd have more luck if you used the other scanner to see what was missed by ClamAV. I have just some stupid questions :-) : They're not stupid, but they do really only scratch the surface. Which signatures to use? The default ones that come with the example config? Any that you can get hold of. There are a lot of them about. The Sansecurity signatures get a good press but I use them to fight spam rather than protect against malware. I personally think that if you can find malware on a machine, it's already too late to be looking. Any config i should take a look at? There's a lot of documentation, you should read it. As far as i have seen ClamAV isn't scanning the whole file just a part of it. Do viruses sit at a special point of a file or do traces of them exist at special spots? It's not really like that. Drink deep, or taste not... ClamAV needs to know something about the different types of files, so it can do a better job of scanning, and there's an upper limit to the amount of data that ClamAV will scan in any event. There have been discussions about it on this list, please spend some quality time with the archives. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Scanning files with ClamAV on Windows
Hi all, I plan to set up some ClamAV instances on Windows Servers to scan some office documents and other files. So helping the other scanner which is already installed and to see if it is missing a virus. I have just some stupid questions :-) : Which signatures to use? The default ones that come with the example config? Any config i should take a look at? As far as i have seen ClamAV isn't scanning the whole file just a part of it. Do viruses sit at a special point of a file or do traces of them exist at special spots? Greetings and thanks for helping. It is very apreciated. Simon ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
