[clamav-users] Question about ClamAV
Arnaud Jacques / SecuriteInfo.com
webmaster at securiteinfo.com
Thu May 11 13:54:56 UTC 2017
Hello,
> is that a *technical* reason or do you *think* it's recommended for
> whatever reason
It is technical : we avoid duplicate signatures in our databases. It means
everyday we remove samples already detected by Clamav.
> - as example sanesecurity works just fine without the
> official stuff an dthe difference are hundrets of MB useless wasted RAM
> while i have not seen any relevant hit on our inbound MX caught by the
> official signatures which woul dhave slipped through sanesecurity
In your example you are right. On mail filtering, sanesecurity and
spam_marketing.ndb from SecuriteInfo.com are good enough to protect mailboxes,
because Win32 malwares are not spreaded by mail nowadays.
In any other case (system protection, HTTP scanning, file hosting, etc...) you
have to get Clamav official + 3rd party signatures for a maximum detection.
--
Best regards,
Arnaud Jacques
SecuriteInfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
More information about the clamav-users
mailing list