-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-09-15 14:06, Anton Aylward wrote:
On 09/14/2014 11:53 AM, Carlos E. R. wrote:
On 2014-09-14 17:18, pinguin74 wrote:
What is your opinion about the strength of ClamAV? I now and then I receive malware in email it does not detect. Sometimes Avira does. And other times it is the other way round.
I'm curious as to what that malware might be? Was it something that was Windows-specific or might it have some effect on Linux?
So far, Windows specific, and very little. my amavis simply bans any exe file in attachments, even inside zips, and they are apparently not scanned then by the antivirus. I see I get some of them. Mail positives detected by the antivirus itself are scarce, none this year unless I goofed somewhere (I have to check). Otherwise, I got: Email.Trojan-277 virus Email.Trojan-277 Email.Trojan-303, Trojan.Spy.Zbot-566 Email.Trojan-280, Suspect.Trojan.Generic.FD-1 Email.Trojan-280, BC.Heuristic.Trojan.SusPacked.BF-6.B BC.Heuristic.Trojan.SusPacked.BF-6.A Amavis does not, afaik, create a log of the malware that it filters. What, from, to, date, subject, would be nice. And, by the way, Avira antivir has moved out of the Linux business, so the only free antivirus that I know in Linux that still works is clamav. My "banned" mail folder contains entries now and then with zip archives, that I guess might contain PDFs or DOCs. I would have to manually look inside. Let me see... Invoice_8990040.zip --> Invoice_24042014.scr PE32 executable (GUI) Intel 80386, for MS Windows clamscan --> clean. VoiceMail.zip --> VOICE347-643-6325.scr PE32 executable (GUI) Intel 80386, for MS Windows clamscan --> clean. invoice 7941461.zip --> invoice 8820122/invoice 8820122.exe PE32 executable (GUI) Intel 80386, for MS Windows clamscan, antivir --> clean. So you see, clamav in those cases would have been totally useless, 3 of 3. It is amavis which bans them simly because they are executable... Most claim to be a document, but they are runable files inside zips. I don't see a .doc file, but then I have not opened all zips. If I got those emails in Windows, and I be using clamav or avira, I could be hosed... except that I do not click to open unrequested zips. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQW4B0ACgkQtTMYHG2NR9WoBgCgiWnMSC3EIpvw6Jmhb2zh7xP6 gqUAn2Rlagm0Md7KMIk13xnx0Z7J2SmU =13KW -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org