Greg Wright wrote: > Thanks all for the thoughts. > > It was as I expected. The risk of a message getting past ClamAV is > relatively high, and the chance that a desktop scanner would catch a > 0day is medium to low meaning that we really do need a gateway > scanning util such as GFI etc in the middle. > > I do feel, however, that I can largely prevent viruses using asp > alone. I know that to be true in my implementation, however I monitor > it almost daily via syslog on my monitoring screen so I often notice > when things start slipping by, this would not be the case for my > client.
I find the delaying and HELO checks, when enabled, will stop most bot viruses. I still run Trend Micro on my Exchange server but i don't see more than one or two hits every few months. I would never recommend someone to rely on ClamAV only, but i do recommend that you run it with ASSP (with the SaneSecurity signatures) in addition to your normal AV. Kevin ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
