[clamav-users] Low detection rate

Brian Morrison bdm at fenrir.org.uk
Mon Mar 3 11:50:25 EST 2014


On Mon, 03 Mar 2014 14:00:16 +0000
Steve Hill wrote:

> On 03.03.14 13:49, Shawn Webb wrote:
> 
> > You can submit files you suspect are legitimate malware here:
> > http://www.clamav.net/lang/en/sendvirus/
> 
> As mentioned, I've already done that, but my concern is trying to
> figure out why Clam only seems to be blocking phishing emails rather
> than actual malware - have I got something wrong in my configuration,
> or is Clam's detection engine and signature database *really* unable
> to detect all this malware?
> 
> 

Steve is your Exim installation set up to reject mail on spamminess,
using SpamAssassin or similar?

I find that SA detects a lot of mail using SA rules that probably
contain attachments or inline images that are virus laden, but it's
cheaper on system resources to reject at SMTP time than running ClamAV
on every mail received.

-- 

Brian Morrison



More information about the clamav-users mailing list