On Thu, Feb 24, 2022 at 02:31:09PM -0500, Alex wrote: > > I identified an 8MB false-positive.
And what rules caused it to be a false-positive? Size doesn't matter here. Fix the rules, add whitelisting etc. > Is it the case that spammers are sending malware as large as 8MB files now? Why wouldn't they? Bandwidth costs nothing and most servers these days even accept 50-100MB mails. This is why amavisd started truncating scanned messages in 2009, instead of just skipping processing. SA 3.4.3+ also have mitigations to happily scan huge messages.
