Zitat von Alex <[email protected]>:
We all have clamav+sanesecurity, but what others are people using? Sophos is horrible. Hardly worth it. It doesn't scan for nearly any of the popular vectors now.
The truth is that all virus scanners do suck equally at preventing the spread of new viruses at all. Because when a new wave hits the fan, the antivirus companies first need to update their signature databases and then you still need to download the update, which gives the bad guys plenty of time to spread their unholy stuff like wild fire.
So having an antivirus scanner just gives some kind of protetection against already known virus, nothing less, nothing more. It should be always combined with rules concerning file extension filtering.
Some years ago a guy from a German University at the mail server conference from Heinlein Academy showed some interesting diagrams on exactly that kind of matter, he used two virus scanners on the same system.
The setup was that the second virus scanner only fires up if the first one doesn't have anything to complain about.
First he had Sophos as first virus scanner with Clamavd as second; after checking his stats however he found out that Clamavd was the superior scanner, caching more stuff and reversed his scanning cascade order.
So taking this into account, such an email scanner even might give the users a false sense of security cushion which in reality is not there. The best thing still to do is to teach them on which attachments to open and which not on their system.
