You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
MiscreantPunch099-Low.ldb, low false positive for usage with clamav 0.99+ (yara)
This is currently being used for distribution elsewhere and is designed for wide distribution across many environments. It has a "Low" FP rate.
miscreantpunch.hdb, false positive is low, medium, high ? Only use for clamav 0.98 and lower?
This would be considered "Low" FP rate, as it just hashes of known evil stuff. This can be used in any clam version.
miscreantpunch099.ldb, false positive is medium, high ? can this be used with MiscreantPunch099-Low.ldb ?
miscreantpunch099.ldb and MiscreantPunch099-Low.ldb are very very similar. MiscreantPunch099-Low.ldb is designed for widespread distribution and miscreantpunch099.ldb is nearly identical, just less housekeeping compared to MiscreantPunch099-Low.ldb. I would suggest only distributing MiscreantPunch099-Low.ldb.
Have I missed/ommited any other database files ?
I would consider adding MiscreantPunch099-INFO-Low.ldb, which is more of "low/medium" level of FPs. This ruleset contains informational sigs (read as: not always malicious) but could be useful.
Please do not hesitate to reach out with any other questions or concerns!
Hi
Please could you clarify the following, as I would like to include them in the latest version of the clamav-unofficial-sigs
MiscreantPunch099-Low.ldb, low false positive for usage with clamav 0.99+ (yara)
miscreantpunch.hdb, false positive is low, medium, high ? Only use for clamav 0.98 and lower?
miscreantpunch099.ldb, false positive is medium, high ? can this be used with MiscreantPunch099-Low.ldb ?
Thanks
The text was updated successfully, but these errors were encountered: