[clamav-users] ClamAV+exim: scanner finds not a single malware
Joel Esler
jesler at cisco.com
Mon May 23 19:21:09 UTC 2016
On Mon, May 23, 2016 at 08:56:57PM +0200, Groach wrote:
>On 23/05/2016 20:39, Dave McMurtrie wrote:
>>On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
>>ClamAV is fast, free, easy to integrate with just about any MTA and
>>it's actively developed. We've been running it for years, along with
>>the SaneSecurity signatures and it's been working well for us. If
>>there's a better alternative, I'd be interested in learning about
>>it.
>For the record, I too am using Clam (Clamwin, actually) as the inline
>email scanner for our MTA but that's only because we have subscribed to
>SaneSignatures (a money donation well worth it). Without Sane the clam
>default sigs are a joke (sometimes taking MONTHS to appear after the
>threat release, sometimes not even there for years later. I've proven,
>all of these points, with evidence, in the past). Sane sigs, however,
>made the solution better if not the BEST compared to ALL OTHER
>commercial releases for trapping Zero-hour threat (they really put the
>'zero hour' into "zero hour" unlike other AV providers taking 'many
>hours' (sometimes even "a day or two") to respond with their "zero
>hour" signatures).
>
>The one lesson I did learn though was never to automatically
>quarantine or delete 'infected' files (put it in REPORT ONLY scan
>mode). Historically Clam sigs had far too many False Positives which
>famously culminated in disabling complete systems earlier this year
>(windows specifically) because they deleted system DLL files and other
>genuine programs - even its own Clam program! (Admittedly, since
>March, the rate of FPs seems to have been reduced. Whether that's
>because of the new signature format or what I don't know).
Several reasons. Partly because of your concerns which brought things to our attention. False Positive reports are important!
--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com