Mailing List Archive

[clamav-users] ClamAV definitions vs LMD/maldet
Hello,

does anyone here have experience/knowledge about LMD/maldet?

What I don't understand is whether it provides any advantage over
running just ClamAV for regular weekly scans. If I understand it
correctly, the malware definitions are shared among these programs, does
maldet give any advantage?

I couldn't find a better place to ask but I will do the tests myself
when I get my hands on some data to scan and will report my findings.

Best Regards,
Jakub Filo

--
Jakub Filo
known as PLANTROON
www.plantroon.com
contact@plantroon.com

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV definitions vs LMD/maldet
> does anyone here have experience/knowledge about LMD/maldet?
>
> What I don't understand is whether it provides any advantage over
> running just ClamAV for regular weekly scans. If I understand it
> correctly, the malware definitions are shared among these programs, does
> maldet give any advantage?

maldet uses ClamAV as the backend with custom signature files. I
honestly couldn't tell you how many are unique from other 3rd party
signatures.

I'm pretty sure the clamav-unofficial-sigs script downloads the same
signature files as maldet. The maldet program itself gives you
turn-key ability for various scanning, logging, and cleaning
options...

Re: [clamav-users] ClamAV definitions vs LMD/maldet
On 2019/03/06 05:01, J.R. via clamav-users wrote:
> I'm pretty sure the clamav-unofficial-sigs script downloads the same
> signature files as maldet. The maldet program itself gives you
> turn-key ability for various scanning, logging, and cleaning
> options...


clamav-unofficial-sigs does

vagrant@stretch:/var/lib/clamav$ ls -la rfxn.*
-rw-r--r-- 1 clamav clamav 849117 Feb 25 05:13 rfxn.hdb
-rw-r--r-- 1 clamav clamav 451444 Feb 25 05:13 rfxn.ndb

HTH
Regards
Brent

Re: [clamav-users] ClamAV definitions vs LMD/maldet
Thanks for the reply.
So basically it does nothing extra, just has more definitions which I can import to clamav anyway?

On Mar 6, 2019 4:01 AM, "J.R. via clamav-users" <clamav-users@lists.clamav.net> wrote:

> > does anyone here have experience/knowledge about LMD/maldet?
> >
> > What I don't understand is whether it provides any advantage over
> > running just ClamAV for regular weekly scans. If I understand it
> > correctly, the malware definitions are shared among these programs, does
> > maldet give any advantage?
>
> maldet uses ClamAV as the backend with custom signature files. I
> honestly couldn't tell you how many are unique from other 3rd party
> signatures.
>
> I'm pretty sure the clamav-unofficial-sigs script downloads the same
> signature files as maldet. The maldet program itself gives you
> turn-key ability for various scanning, logging, and cleaning
> options...

Re: [clamav-users] ClamAV definitions vs LMD/maldet
> So basically it does nothing extra, just has more definitions
> which I can import to clamav anyway?

You can download the program and look it over without installing; it's
just bash scripts. It does appear that in its own sigs directory there are
additional signature files:

-rw-r--r-- 1 root root 443304 Feb 25 04:07 hex.dat
-rw-r--r-- 1 root root 14 Feb 25 04:07 maldet.sigs.ver
-rw-r--r-- 1 root root 775382 Feb 25 04:07 md5.dat
-rw-r--r-- 1 root root 846582 Feb 25 04:07 md5v2.dat
-rw-r--r-- 1 root root 849117 Feb 25 04:07 rfxn.hdb
-rw-r--r-- 1 root root 451444 Feb 25 04:07 rfxn.ndb
-rw-r--r-- 1 root root 408598 Feb 25 04:07 rfxn.yara
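
Added example, not part of any post in this thread and not code from ClamAV or maldet: a Python check of whether same-named signature files in two directories (such as the two listings above) are byte-identical, and, for differing .hdb files, how many hashes are unique to each side. The function names and the two directory arguments are assumptions, and the .hdb layout assumed is ClamAV's hash:size:name.

```python
import hashlib
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file, read in chunks so large signature sets are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hdb_hashes(path):
    """Set of file hashes in a ClamAV .hdb file (assumed hash:size:name)."""
    hashes = set()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.strip().split(":")
            if len(fields) >= 3 and fields[0]:   # skip blank/malformed lines
                hashes.add(fields[0].lower())
    return hashes


def compare_sig_dirs(dir_a, dir_b):
    """Compare same-named signature files in two directories."""
    a, b = Path(dir_a), Path(dir_b)
    names_a = {p.name for p in a.iterdir() if p.is_file()}
    names_b = {p.name for p in b.iterdir() if p.is_file()}
    report = {"only_a": sorted(names_a - names_b),
              "only_b": sorted(names_b - names_a),
              "identical": [], "differ": {}}
    for name in sorted(names_a & names_b):
        if file_digest(a / name) == file_digest(b / name):
            report["identical"].append(name)
        elif name.endswith(".hdb"):
            ha, hb = hdb_hashes(a / name), hdb_hashes(b / name)
            report["differ"][name] = {"only_a": len(ha - hb),
                                      "only_b": len(hb - ha)}
        else:
            report["differ"][name] = None   # differs; no per-entry breakdown
    return report


if __name__ == "__main__":
    import sys
    # Usage: <script> <ClamAV database dir> <maldet sigs dir> (caller-supplied)
    print(compare_sig_dirs(sys.argv[1], sys.argv[2]))
```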
