[clamav-users] ClamAV+exim: scanner finds not a single malware

Groach groachmail-stopspammingme at yahoo.com
Mon May 23 14:56:57 EDT 2016


On 23/05/2016 20:39, Dave McMurtrie wrote:
> On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
> ClamAV is fast, free, easy to integrate with just about any MTA and 
> it's actively developed. We've been running it for years, along with 
> the SaneSecurity signatures and it's been working well for us. If 
> there's a better alternative, I'd be interested in learning about it.
For the record, I too am using Clam (Clamwin, actually) as the inline 
email scanner for our MTA but that's only because we have subscribed to 
SaneSignatures (a money donation well worth it). Without Sane the clam 
default sigs are a joke (sometimes taking MONTHS to appear after the 
threat release, sometimes not even there for years later.  I've proven 
all of these points, with evidence, in the past).  Sane sigs, however, 
made the solution better if not the BEST compared to ALL OTHER 
commercial releases for trapping Zero-hour threat (they really put the 
'zero hour' into "zero hour" unlike other AV providers taking 'many 
hours' (sometimes even "a day or two") to respond with their "zero hour" 
signatures).

The one lesson I did learn though was never to automatically quarantine 
or delete 'infected' files (put it in REPORT ONLY scan mode).  
Historically Clam sigs had far too many False Positives which famously 
culminated in disabling complete systems earlier this year (Windows 
specifically) because they deleted system DLL files and other genuine 
programs - even its own Clam program! (Admittedly, since March, the rate 
of FPs seems to have been reduced.  Whether that's because of the new 
signature format or what, I don't know).


