[clamav-users] ClamAV+exim: scanner finds not a single malware
Michael D. L.
clamav at cosis.dk
Mon May 23 08:24:45 EDT 2016
On 05/23/2016 01:43 PM, Michael Heseltine wrote:
> Hello all,
> I have recently modified my exim (4.82) configuration so that all
> messages pass through clamav (0.99.2) first. Anything labeled as
> malware should be rejected while the incoming SMTP connection is still
> open (using an *acl_smtp_data* in exim).
> But so far, this setup has not detected a single malware. All messages
> pass though without any notices:
I made a similar inquiry last week (Signature update schedule, and
requirements for adding Signatures) - this was the responses:
My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem. I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature. There is no way to keep up with that. ClamAV got more than a million virus samples per day, last time I inquired.
More information about the clamav-users