Hi , > Mainly, we get these virus via E-mail. ...
Can I assume that it's clamd which scans these emails? Yes. Clamd scans the e-mails > OLE2BlockMacros = "yes" There are other settings which you might want to investigate. See for example the 'Alert...' options in the clamd.conf man page which mostly default to 'no'. I will check the Alert option in Clamd.conf > mail/clamav-milter.conf not found If you do not use clamav-milter, what takes the message from the mail server and presents it to clamd? Do you have evidence that clamd at least finds some threats (of whatever kind) in your incoming mail? I use MailScanner and MailScanner takes the message from postfix and present it to clamd. Yes, I have the evidence that Clamd finds threats, but it cannot detect some of the threats > I can put the viruses in a FTP server and share them with you. Please do. Please provide the files as complete original email messages, not just as the attached files (and let me know where I can find them of course. :) I will share the complete messages that stored by MailScanner and I will share the FTP access details separately. Daily I will share the threats that were not detected by Clamd > Usually, I forward the virus mails to Sanesecurity. +1 You might want to send them to the ClamAV team too, and perhaps also to Securiteinfo - the maintainer of those signatures has occasionally asked on this list for samples to be sent to him. The ClamAV team is more interested in malware/phishing than spam. How can I share the threats with ClamAV Team. Can I share the same FTP access details Thanks again for your great explanation and support. Regards Chaminda Indrajith _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
