Please, help me PUA On-access detection in Sophos Linux

Nobody ???

For a very good reason, this is not the correct forum. This is a firewall forum.

One of the moderators might read you request and move you to the correct forum.

Ian

QC said:

Why do you want to for PUAs and which PUAs do you have in mind?

Christian

Hello Henrique RJ,

can't say why the -pua option is only available from the command-line. Perhaps DouglasLeeder can tell.

Christian

DouglasLeeder is a Sophos Linux progammer ?

Hi,

There isn't any particular reason why PUA detection is only available for savscan, it was just never requested as a feature for on-access or scheduled scans.

The PUAs we detect are (primarily) for Windows, so wouldn't detect very much on Linux.

Thanks,

Douglas.

DouglasLeeder said:

Hi,

 

There isn't any particular reason why PUA detection is only available for savscan, it was just never requested as a feature for on-access or scheduled scans.

The PUAs we detect are (primarily) for Windows, so wouldn't detect very much on Linux.

 

Thanks,

Douglas.

 

Thanks DouglasLeeder 

PUAs include phishings and miners in Linux ?

Hi,

I'm afraid I don't know for certain, but I think PUA only include Windows programs, such as Adware.

Thanks,

Douglas.

DouglasLeeder said:

Hi,

 

I'm afraid I don't know for certain, but I think PUA only include Windows programs, such as Adware.

 

Thanks,

Douglas.

 

But phishings and miners signatures are downloaded regularmentary in updates for savupdate.

Why on-access don't detect it ?

Hello,

[disclaimer: just observations, no inside knowledge]
right now there are several miners in the Latest PUAs list. Miners running on Linux are categorized as Viruses and Spyware/Trojans.

Adware and PUA for Mac OS X (like MacKeeper) detection has been added in 2015. PUA isn't AdWare, a number of legitimate software (like several programs in the Sysinternals/Microsoft PSTools collection) is classified as PUA.

signatures are downloaded
@Henrique RJ - signatures is perhaps not the ideal term as it elicits certain connotations (especially the one that "signatures" are independent and self-contained items that the scanner uses one after the other one a file until it either gets a hit or the list is exhausted). A detection item is part of a decision network, you can think of it as a set of instructions mostly working top down, i.e. refining the assessment, calling or branching to other items in the process. A classification as AdWare is not necessarily an afterthought. In other words, detection items aren't subdivided into those for viruses, others for Trojans, and so on.

Christian

QC said:

Hello,

[disclaimer: just observations, no inside knowledge]
right now there are several miners in the Latest PUAs list. Miners running on Linux are categorized as Viruses and Spyware/Trojans.

Adware and PUA for Mac OS X (like MacKeeper) detection has been added in 2015. PUA isn't AdWare, a number of legitimate software (like several programs in the Sysinternals/Microsoft PSTools collection) is classified as PUA.

signatures are downloaded
@Henrique RJ - signatures is perhaps not the ideal term as it elicits certain connotations (especially the one that "signatures" are independent and self-contained items that the scanner uses one after the other one a file until it either gets a hit or the list is exhausted). A detection item is part of a decision network, you can think of it as a set of instructions mostly working top down, i.e. refining the assessment, calling or branching to other items in the process. A classification as AdWare is not necessarily an afterthought. In other words, detection items aren't subdivided into those for viruses, others for Trojans, and so on.

Christian

 

So Sophos in Linux don't detect phishings ?

No has any " out off " tip to make on-access detect miners and phishings ?

Any secret tip or tweak ?

No has any " out off " tip to make on-access detect miners and phishings ?

Any secret tip or tweak ?