[clamav-users] Are signatures for Windows only?

Graeme Fowler G.E.Fowler at lboro.ac.uk
Wed Mar 27 08:18:02 EDT 2019


On Mar 27, 2019, at 11:07, G.W. Haywood wrote:
> On that day's numbers it looks like ClamAV is rejecting about 5% of
> rejected mail.  Here, in fifteen months, it's rejected _less_ than
> 0.0002% (although I'll grant that both are likely poor statistics).

Hello, fellow Loughborough graduate :)

We have a large number of other checks in line before content gets accepted and messages get passed to ClamAV. I'm not going to detail them here as this is a public mailing list, but suffice to say that you only get your message scanned if it hasn't tripped one of a large number of other rules we have in place. We use Exim, so we have almost infinite flexibility at all decision points in the SMTP transaction flow.

Given ClamAV's extensible nature, we're making use of a number of 'unofficial' signature databases which catch an awful lot of bad behaviour. Actual infectious agents (viruses, trojans, RATs and so on) are a very small fraction of the whole - largely because the indiscriminate ones that spew forth from older botnets and infected hosts are rejected before they pass any content to us.

ClamAV is part of a many-layered defence-in-depth approach, but without it we'd have a significant gap.

Graeme

