[clamav-users] Low detection rate

Dennis Peterson dennispe at inetnw.com
Mon Mar 3 11:59:10 EST 2014


On 3/3/14, 8:50 AM, Brian Morrison wrote:

>
> Steve, is your Exim installation set up to reject mail on spamminess,
> using SpamAssassin or similar?
>
> I find that SA detects a lot of mail using SA rules that probably
> contain attachments or inline images that are virus-laden, but it's
> cheaper on system resources to reject at SMTP time than running ClamAV
> on every mail received.
>

Given that he received an attachment that is suspicious, it indicates it got past
all his SMTP defenses. Next is to find out if that attachment is actually
malware or other evil thing and, if so, create and distribute a signature.

In my environments the unofficial signatures from Sane Security stop 10 times 
the volume of official signatures. This has been true for several years and 
several very large businesses.

However - there's never been a problem that has come in via email - they've 
always come in on laptops and VPN-connected remote systems.

dp


