Hi,

Excellent... except for one potential problem... this is in their "foxhole_all.cdb" file which they label as "high false positive risk" - which could scare some away!

For those who don't score very high on ClamAV and/or who are able to score DIFFERENTLY based on different types of Sanesecurity and/or ClamAV results, this is probably OK. But for others who prefer to either outright block or score high on ClamAV, that MIGHT present a problem. On the other hand, maybe Sanesecurity is just being overly cautious (or considering more theoretical FNs?), and such actual FPs in real world mail flow are actually extremely rare?

Any thoughts? Anyone know?


That's interesting because I probably wouldn't have started using foxhole_all.cdb if it had been classified like that then.  I am not getting any reports or finding any problems with FPs.

foxhole_all is just a few dozen(?) lines of rules to tag file types within zip/rar/7z/arj/exe files.

Perhaps because you're outright rejecting many of these file types already?

Regards,
Dave


3,110,729 total messages* since March 15th
112,477 spam blocked
2,071 total viruses found
8 Foxhole viruses found

*After MTA rejects based on RBLs and other DNS checks

--
Dave Jones
