Mailinglist Archive: opensuse-security (51 mails)

Re: [opensuse-security] How capable is ClamAV?

On 2014-09-15 14:06, Anton Aylward wrote:
> On 09/14/2014 11:53 AM, Carlos E. R. wrote:
>> On 2014-09-14 17:18, pinguin74 wrote:
>>> What is your opinion about the strength of ClamAV?
>>
>> I now and then receive malware in email it does not detect.
>> Sometimes Avira does. And other times it is the other way round.
>
> I'm curious as to what that malware might be? Was it something that
> was Windows-specific or might it have some effect on Linux?

So far, Windows specific, and very little.

My amavis simply bans any exe file in attachments, even inside zips,
and they are apparently not scanned then by the antivirus. I see I get
some of them.

Mail positives detected by the antivirus itself are scarce, none this
year unless I goofed somewhere (I have to check).

Otherwise, I got:

virus Email.Trojan-277
Email.Trojan-303, Trojan.Spy.Zbot-566
Email.Trojan-280, Suspect.Trojan.Generic.FD-1
Email.Trojan-280, BC.Heuristic.Trojan.SusPacked.BF-6.B

Amavis does not, afaik, create a log of the malware that it filters.
What, from, to, date, subject, would be nice.

And, by the way, Avira antivir has moved out of the Linux business, so
the only free antivirus that I know in Linux that still works is clamav.

My "banned" mail folder contains entries now and then with zip
archives, that I guess might contain PDFs or DOCs. I would have to
manually look inside. Let me see...

--> Invoice_24042014.scr
PE32 executable (GUI) Intel 80386, for MS Windows
clamscan --> clean.

--> VOICE347-643-6325.scr
PE32 executable (GUI) Intel 80386, for MS Windows
clamscan --> clean.

invoice --> invoice 8820122/invoice 8820122.exe
PE32 executable (GUI) Intel 80386, for MS Windows
clamscan, antivir --> clean.

So you see, clamav in those cases would have been totally useless, 3
of 3. It is amavis which bans them simply because they are
executable... Most claim to be a document, but they are runnable files
inside zips. I don't see a .doc file, but then I have not opened all zips.

If I got those emails in Windows, and I were using clamav or avira, I
could be hosed... except that I do not click to open unrequested zips.

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
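
The policy described in this message (ban attachments by file type, even inside zips, and keep a record with from, to, date and subject), as an added Python example that is not part of the original post and is not amavis code. The function names, the size limit and the sample message are constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

BANNED_EXT = (".exe", ".scr")   # extensions seen in the post; an assumption, extend as needed
MAX_MEMBER = 20 * 1024 * 1024   # assumed limit: larger zip members are not unpacked

def executable_members(name, data, depth=0):
    """Return paths of executable content in an attachment, looking inside zips."""
    # "MZ" is the DOS/PE magic, so an executable renamed to .pdf is caught by content.
    if data[:2] == b"MZ" or name.lower().endswith(BANNED_EXT):
        return [name]
    hits = []
    if depth < 3 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Encrypted or oversized members are judged by name only.
                readable = not (info.flag_bits & 0x1) and info.file_size <= MAX_MEMBER
                body = zf.read(info) if readable else b""
                inner = executable_members(info.filename, body, depth + 1)
                hits += [f"{name}/{h}" for h in inner]
    return hits

def banned_report(raw):
    """Return a log record (from, to, date, subject, banned members) or None if clean."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hits += executable_members(part.get_filename() or "unnamed", payload)
    if not hits:
        return None
    fields = {k: str(msg[k]) for k in ("From", "To", "Date", "Subject")}
    return {**fields, "banned": hits}

def sample_message():
    # Constructed sample: a zip whose "document" starts with the PE magic bytes only.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice/invoice.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice/readme.txt", b"see attached")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.org"
    msg["Date"], msg["Subject"] = "Mon, 15 Sep 2014 14:06:00 +0200", "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

print(banned_report(sample_message()))
```

The check is independent of any antivirus signature, which is why it flags files that a signature scanner reports as clean.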
