[clamav-users] Low detection rate
dennispe at inetnw.com
Mon Mar 3 11:59:10 EST 2014
On 3/3/14, 8:50 AM, Brian Morrison wrote:
> Steve is your Exim installation set up to reject mail on spamminess,
> using SpamAssassin or similar?
> I find that SA detects a lot of mail using SA rules that probably
> contain attachments or inline images that are virus laden, but it's
> cheaper on system resources to reject at SMTP time than running ClamAV
> on every mail received.
Given that he received an attachment that is suspicious it indicates it got past
all his smtp defenses. Next is to find out if that attachment is actually
malware or other evil thing and if so create and distribute a signature.
In my environments the unofficial signatures from Sane Security stop 10 times
the volume of official signatures. This has been true for several years and
several very large businesses.
However - there's never been a problem that has come in via email - they've
always come in on laptops and VPN-connected remote systems.
More information about the clamav-users