Hi Dennis and others, thanks for pointing out that this has been discussed already. Sorry about that; I only searched for "Email.FreeGame" and got to this thread (I wasn't subscribing).
Hi Bill, > If one is not scanning at transport time, then since the infected message has > already been delivered, it could very well be that it has also executed it's > payload and scanning the mbox file after-the-fact is too late. "better late than never" :-/ I do scan mails on arrival at the mail server, but also do nightly scans on the mailserver and fileserver (webmail users have mailboxes on the mailserver, outlook users have .pst on the fileserver). Suppose for example that the user gets just-released malware, not yet in the signature database. It passes by the mailserver scan unharmed, but when it does get in the signatures database, at least I'll know that this and that guy were exposed, if they still have the mail in their mailboxes. There is also a good chance that they haven't "bought" it (I have done a good job making them all very paranoid), so they didn't open/executed/fell for the bait, or that the malware is still sitting in their mail spool over the weekend unopened. BR, Joao S Veiga _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
