Mailing List Archive

[clamav-users] virus/malware risk level
Using clamav...
Is there any way to find out what is the risk level (score/priority/...) of
the detected virus/malware?
Re: [clamav-users] virus/malware risk level
Hello,


> Using clamav...
> Is there any way to find out what is the risk level (score/priority/...)
> of the detected virus/malware?

In my own opinion:
PUA-detected malware is risk: LOW
All other detected malware is risk: MAXIMUM (if not a false positive).


--
Cordialement / Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Telephone: +33-(0)3.44.39.76.46
E-mail: aj@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook: https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter: @SecuriteInfoCom

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] virus/malware risk level
Not unless you are lucky enough to be able to somehow identify what the malware is. About the only ones that you stand any chance of finding would be those identified with a "CVE" number that you can look up on Mitre or NIST sites. A small number will get written up on the Talos blog site <https://blog.talosintelligence.com/>. ClamAV doesn't have the staff necessary to document their signature database.

-Al-
ClamXAV User

> On May 30, 2019, at 05:28, WagdeZ via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Using clamav...
> Is there any way to find out what is the risk level (score/priority/...) of the detected virus/malware?
Re: [clamav-users] virus/malware risk level
Hi there,

On Thu, 30 May 2019, WagdeZ wrote:

> Using clamav...
> Is there any way to find out what is the risk level (score/priority/...) of
> the detected virus/malware?

The question is rather vague.

In many cases the signature name gives some sort of clue to what the
signature is about, so if you have a grasp of the infrastructure that
you're dealing with (if you don't - get one, quick) you can get a feel
for the relevance to you in your specific situation. This is part of
the risk assessment that only you, with your very particular knowledge
of your situation, can make.

For example, if I were to see an incoming mail message flagged with

Win.Exploit.CVE_2019_0758-6968262-1

it wouldn't have me on the edge of my seat because I don't operate any
Windows boxes. There's no risk to any of my equipment from an exploit
that can only attack a Windows operating system, although obviously
I'd want to understand the reason for the detection before I forwarded
the message to anyone else. I'd also want to know why the message got
as far as it did through the chain of defences, because I haven't seen
a mail message trigger a detection since last September and that's the
way I like things to be. Peaceful. Nothing to keep me awake at night.

Increasingly commonly, successful attacks employ many vulnerabilities
rather than a single one. Often these multiple vulnerabilities are
perceived as "low risk" individually, but when they're all brought
together by a competent attacker the result is a complete compromise
of the network. Misery. Any single detected threat is one too many.

--

73,
Ged.

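As an added illustration of the two approaches in the replies above (this is example code, not from the list or from the ClamAV project), the following parses clamscan "FOUND" lines into the Platform.Category.Name-SigID-Rev parts of a ClamAV signature name and assigns a local risk label: PUA is LOW and everything else MAXIMUM, except that a platform the site does not run is flagged for investigation rather than as an immediate compromise. The scan output, the hypothetical platform inventory and all paths and names other than Win.Exploit.CVE_2019_0758-6968262-1 are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed clamscan output: the first signature is the one quoted in the
# message above; the other paths and names are made up for illustration.
SAMPLE_SCAN_OUTPUT = """\
/srv/mail/spool/msg001.eml: Win.Exploit.CVE_2019_0758-6968262-1 FOUND
/srv/mail/spool/msg002.eml: PUA.Win.Packer.Upx-28 FOUND
/srv/mail/spool/msg003.eml: Unix.Trojan.Example-1234-1 FOUND
/srv/mail/spool/msg004.eml: OK
"""
# Hypothetical inventory of platforms this site runs; this local knowledge,
# not the signature alone, decides what a hit means here.
OPERATED_PLATFORMS = {"Unix", "Html", "Pdf"}

Detection = NamedTuple("Detection", [("path", str), ("pua", bool), ("platform", str),
                                     ("category", str), ("name", str), ("cve", Optional[str])])

def parse_signature(sig: str):
    """Split Platform.Category.Name-SigID-Rev into (pua, platform, category, name)."""
    parts = sig.split(".")
    pua = parts[0] == "PUA"  # a leading 'PUA.' marks a potentially unwanted application
    if pua:
        parts = parts[1:]
    if len(parts) < 3:
        raise ValueError(f"unexpected signature format: {sig}")
    # Drop the trailing numeric signature id and revision from the name.
    name = re.sub(r"(-\d+){1,2}$", "", ".".join(parts[2:]))
    return pua, parts[0], parts[1], name

def parse_scan_output(text: str) -> List[Detection]:
    detections = []
    for line in text.splitlines():
        if not line.endswith(" FOUND"):
            continue  # OK and ERROR lines carry no detection
        path, sig = line[: -len(" FOUND")].rsplit(": ", 1)
        pua, platform, category, name = parse_signature(sig)
        m = re.search(r"CVE_(\d{4})_(\d+)", name)  # lookup key for the MITRE/NIST sites
        cve = f"CVE-{m[1]}-{m[2]}" if m else None
        detections.append(Detection(path, pua, platform, category, name, cve))
    return detections

def triage(d: Detection, operated=OPERATED_PLATFORMS) -> str:
    """Risk label from the replies above: PUA is LOW, everything else MAXIMUM,
    but a platform you do not run is not exploitable here (still ask why it arrived)."""
    if d.pua:
        return "LOW"
    if d.platform not in operated:
        return "NOT_APPLICABLE_INVESTIGATE"
    return "MAXIMUM"
```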