[clamav-users] ClamAV+exim: scanner finds not a single malware

Michael D. L. clamav at cosis.dk
Mon May 23 08:24:45 EDT 2016



On 05/23/2016 01:43 PM, Michael Heseltine wrote:
> Hello all,
> I have recently modified my exim (4.82) configuration so that all 
> messages pass through clamav (0.99.2) first. Anything labeled as 
> malware should be rejected while the incoming SMTP connection is still 
> open (using an *acl_smtp_data* in exim).
>
> But so far, this setup has not detected a single malware. All messages 
> pass though without any notices:
>

Hi Michael,

I made a similar inquiry last week (Signature update schedule, and 
requirements for adding Signatures) - this was the responses:

My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem.  I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny mutations so that almost every email attachment has a unique signature.  There is no way to keep up with that.  ClamAV got more than a million virus samples per day, last time I inquired.
...Chris
  

Best Regards
  Michael




More information about the clamav-users mailing list