Paul Kosinski wrote: > In December 2006, we were running ClamAV 0.88.7, and there were still > a fair number of "real" viruses being detected in inbound email. Now > running 0.91.2 and 0.92, there seem to be only phishing attempts, and > not even very many of them. In fact it seems that our log file shows > almost as many (hourly) signature update messages as phish detections > (much less "real" virus detections). > > Have other ClamAV users experienced a similar decline in email > attacks? > > P.S. I haven't disabled anything in our local conf file, and I don't > think there is any upstream AV. (Our domain's first level mail server > runs on a dedicated machine at our Web provider, but doesn't run any > AV there since it simply relays to our local gateway, where admin is > easier.)
You didn't provide any numbers, but it is no surprise you now see a lot of scams and phishing stuff as you weren't seeing those before. But the rate of old school viruses detected should remain approximately constant. On my servers the rate of old fashion viruses remains rather constant over time but a detailed view shows they come in waves possibly indicating re-infection of target machines. In many cases the payload of these viruses is a phishing and scam messaging bot. Consequently, phishing and scam messages, offering a real monetary return to the creator, are growing quickly. They are now the reason for the viruses. There are probably still viruses that are intended to simply trash the machine being distributed but that is no longer the norm. In fact those kinds of viruses would probably be of some value today at reducing the amount of other junk mail. It's often been suggested that a good bot killer virus would be a good thing for the Internet. I'm almost ready to agree. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html