SaneSecurity :: winnow Exploit Detection Signatures
Steve from Sanesecurity would like to to announce the launch of Winnow ClamAV Exploit Detection Signatures.
Winnow signatures offer the following feature sets:
The three databases distributed at the moment are:
- Malware received but not currently detected by official ClamAV signatures, including: Phishing, including financial, gaming, email, networking, social, trading, retail, government, file sharing
- Fraud, including: fake banks, escrows, shippers, 419s, jobs, mules, money laundering
- Hacked and exploited hosts
- Rogue domains harboring malware/spam/etc.
For more details: winnow ClamAV Threat Detection Signatures
- winnow_malware.hdb - Current virus, trojan and other malware not yet detected by ClamAV.
- winnow_phish_complete.ndb - Signatures to detect phishing and other malicious url's and compromised hosts - derived in a similar fashion as SURBL but with special processing to remove the possibility of false positives. (Recommended)
- winnow_phish_complete_url.ndb - Similar to winnow_phish_complete.ndb except that entire urls's are used to derive the signatures rather than carefully selected hosts. (Conservative)
Download scripts will be available shortly for these signatures on the new mirrors.