Hi
I have Sophos Free Linux on Kubuntu 14.04 and I need to configure PUA on-access detection, but I haven't succeeded (I looked at the manual for savconfig in the terminal).
Any secret tip?
Thanks
For a very good reason, this is not the correct forum. This is a firewall forum.
One of the moderators might read your request and move you to the correct forum.
Ian
XG115W - v20.0.2 MR-2 - Home
XG on VM 8 - v21 GA
Any hot tip?
Oh come on people, I need a configuration tweak for Sophos Linux to detect phishing, adware, PUAs and miners on-access (the signatures exist, they are downloaded every week, I checked that).
Thanks
QC said: Hello Henrique RJ,
why did you choose Linux as your desktop OS in the first place? No offence intended but wanting to tweak security software and being afraid of phishing does IMO not really fit together.
Christian
Actually I consider Windows 10 extremely problematic.
Look at this list in the image:
The selected file is "phis-clu.ide".
It's a phishing signature in the directory /opt/sophos-av/lib/sav/, downloaded on 27th May 2018.
Why Sophos AV Linux don't detect it (on-access)?
Who activates this detection on-access?
That is the question.
Thanks!!!
Hello Henrique RJ,
Sophos AV Linux don't detect it
doesn't detect which it? I'm not sure I understand what you expect. How can you tell what phis-clu.ide is supposed to detect? And how do you know that this detection is not activated? Do you have a sample that triggers Troj/Phish-CLU detection on Windows but not on Linux?
Christian
QC said: Hello Henrique RJ,
Sophos AV Linux don't detect it
doesn't detect which it? I'm not sure I understand what you expect. How can you tell what phis-clu.ide is supposed to detect? And how do you know that this detection is not activated? Do you have a sample that triggers Troj/Phish-CLU detection on Windows but not on Linux?
Christian
I tested other phishing sites (from PhishTank) detected by Sophos in VirusTotal, and on my Linux it doesn't detect them.
Example: www.virustotal.com/
Hello Henrique RJ,
PhishTank deals with sites, On-Access scans files. As far as I can see the example site is blocked by Web Protection (which is not available on Linux) - the On-Access scanner and its detection items don't come into play here.
Christian
QC said: Hello Henrique RJ,
PhishTank deals with sites, On-Access scans files. As far as I can see the example site is blocked by Web Protection (which is not available on Linux) - the On-Access scanner and its detection items don't come into play here.
Christian
Disagree
Eureka!!!
Sophos on Linux finally detected a phishing page.
Look
The object detected in VirusTotal: "Dropbox - sign in.html"
Detection for link:
As you can see from the popup - that is a detection on a file (in the mozilla cache).
Nothing to do with the network connection or the URL being fetched.
DouglasLeeder said: As you can see from the popup - that is a detection on a file (in the mozilla cache).
Nothing to do with the network connection or the URL being fetched.
That's right.
To detect URLs I have Firefox and uBlock Origin protection.
From the VirusTotal link you can see the signature detection (phishing) in the file "Dropbox sign in.html".
Thanks
Hi Henrique RJ,
The reported URL in VirusTotal is detected by the Network or MTD of Sophos AV, which is not available on Linux.
The detection that you see is for the file that is stored locally on the machine via the browser, which will be picked up by SAV.
Regards,
Gowtham Mani
Community Support Engineer | Sophos Technical Support
Gowtham Mani said: Hi Henrique RJ,
The reported URL in VirusTotal is detected by the Network or MTD of Sophos AV, which is not available on Linux.
The detection that you see is for the file that is stored locally on the machine via the browser, which will be picked up by SAV.
Yes, now I know.
Thanks