[clamav-users] ClamAV+exim: scanner finds not a single malware

Groach groachmail-stopspammingme at yahoo.com
Mon May 23 15:33:10 EDT 2016


On 23/05/2016 21:21, Joel Esler wrote:
> On Mon, May 23, 2016 at 08:56:57PM +0200, Groach wrote:
>> On 23/05/2016 20:39, Dave McMurtrie wrote:
>>> On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
>>> ClamAV is fast, free, easy to integrate with just about any MTA and 
>>> it's actively developed. We've been running it for years, along with 
>>> the SaneSecurity signatures and it's been working well for us. If 
>>> there's a better alternative, I'd be interested in learning about it.
>> For the record, I too am using Clam (Clamwin, actually) as the inline 
>> email scanner for our MTA but that's only because we have subscribed 
>> to SaneSignatures (a money donation well worth it). Without Sane the 
>> clam default sigs are a joke (sometimes taking MONTHS to appear after 
>> the threat release, sometimes not even there for years later.  I've 
>> proven, all of these points, with evidence, in the past).  Sane sigs, 
>> however, made the solution better if not the BEST compared to ALL 
>> OTHER commercial releases for trapping Zero-hour threat (they really 
>> put the 'zero hour' into "zero hour" unlike other AV providers 
>> taking 'many hours' (sometimes even "a day or two") to respond with 
>> their "zero hour" signatures).
>>
>> The one lesson I did learn though was never to automatically 
>> quarantine or delete 'infected' files (put it in REPORT ONLY scan 
>> mode).  Historically Clam sigs had far too many False Positives which 
>> famously culminated in disabling complete systems earlier this year 
>> (windows specifically) because they deleted system DLL files and 
>> other genuine programs - even its own Clam program! (Admittedly, 
>> since March, the rate of FPs seems to have been reduced.  Whether 
>> that's because of the new signature format or what, I don't know).
>
> Several reasons.  Partly because of your concerns which brought things 
> to our attention.  False Positive reports are important!

Positive responses to people's concerns are always worthy of recognition 
and credit where credit is due.  Thank you for addressing them. Nice to 
hear.


