DFS wrote on 03/20/2014 03:04:07 PM: > Post-Cisco, ClamAV seems to have greatly declined in usefulness. > It catches hardly anything anymore... anyone else experiencing this? > > In my experience, most of the commercial AV scanners for Linux are horrible. > They often use undocumented wire protocols making it difficult/impossible > to use them efficiently from MIMEDefang. The "MIMEDefang-friendliest" one > I know of is F-PROTD version 6. > > On our hosted anti-spam offering, we simply block outright *.EXE, *.SCR etc > whether directly attached or within zip files, RAR files, etc. So far > no-one has complained.
We haven't seen an increase in virii detected by McAfee or Symantec on servers downstream from our CanIt system. Maybe that's because blocking the unsafe extensions kills them before we even call ClamAV. Or are there fewer infections being sent by mail, rather focusing more on phishing emails? Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
