[clamav-users] ClamAV+exim: scanner finds not a single malware
cdc at post.com
Mon May 23 08:44:33 EDT 2016
Hi Michael and Michael,
You may want to look at sanesecurity[.]org. They have a supplemental ClamAV database that
is supposed to be better at detecting the current scourge of ransomware and malware. It
was recommended to me when I noted that ClamAV seems to miss a LOT of the current malware,
but I have not tried it yet.
>>On 05/23/2016 01:43 PM, Michael Heseltine wrote:
>> Hello all,
>> I have recently modified my exim (4.82) configuration so that all
>> messages pass through clamav (0.99.2) first. Anything labeled as
>> malware should be rejected while the incoming SMTP connection is still
>> open (using an *acl_smtp_data* in exim).
>> But so far, this setup has not detected a single malware. All messages
>> pass through without any notices:
>I made a similar inquiry last week (Signature update schedule, and
>requirements for adding Signatures) - these were the responses:
>>>My 2 cents would be that rapid traditional signature updates are not a viable solution to this long term problem.
>>>I'm pretty sure the current generation of Locky, Dridex, Nemucod, etc. ransomware is generated using millions
>>>of tiny mutations so that almost every email attachment has a unique signature. There is no way to keep up with
>>>that. ClamAV got more than a million virus samples per day, last time I inquired.
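Before concluding that the signatures are at fault in a setup like the exim + ClamAV one described in this thread, it helps to confirm that the scanner is reachable and reports detections at all. The following is an added example, not part of the original thread or of the exim or ClamAV projects: it submits the harmless EICAR test string to clamd with the INSTREAM command. The socket path is an assumption and must match your own configuration.

```python
import socket
import struct

# Standard EICAR anti-virus test string (harmless, 68 bytes), split in two
# so that this file itself is less likely to be flagged on disk.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

def instream_request(payload, chunk_size=4096):
    """Frame payload for clamd's INSTREAM command: each chunk is prefixed
    with a 4-byte big-endian length; a zero-length chunk ends the stream."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(payload), chunk_size):
        chunk = payload[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(reply):
    """Return (status, detail) from a clamd reply such as
    b'stream: Eicar-Test-Signature FOUND\\0'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[1] if ": " in text else text
    if body.endswith(" FOUND"):
        return "FOUND", body[:-len(" FOUND")]
    if body == "OK":
        return "OK", ""
    return "ERROR", body  # e.g. size limit exceeded, or unexpected text

def scan(payload, address, timeout=10):
    """address: a Unix socket path (str) or a (host, port) tuple."""
    family = socket.AF_UNIX if isinstance(address, str) else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(address)
        s.sendall(instream_request(payload))
        reply = b""
        while not reply.endswith(b"\0"):
            data = s.recv(4096)
            if not data:
                break
            reply += data
    return parse_reply(reply)

if __name__ == "__main__":
    # Assumed socket path; use the one exim's av_scanner setting points at.
    print(scan(EICAR, "/var/run/clamav/clamd.ctl"))
```

A `FOUND` result here while test mail still passes exim unflagged points at the exim side (ACL or scanner setting) rather than at the signature database.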