Hi Jeff,
I'm not sure why ClamAV would miss a virus. Maybe they'd have a better
ideal on the ClamAV mailing list.
I've never really depended on ClamAV or Spamassassin, though I'd like
to, but when killing spam was absolutely necessary I used a third party
spam gateway.
Eric
On 9/16/2020 9:43 AM, Jeff Koch wrote:
We think we're having a problem with one of our mailservers whereby
user's PC's are getting hit with viruses. All mailservers have had
ClamAV recently updated to version 0.102.4. The logs at
/var/log/qmail/smtp and /var/log/qmail/submission show that ClamAV is
indeed analyzing emails and attachments so we're trying to figure out
how these viruses are getting through. We do see that most 'Virus
Drops' are due to spoofed domains. Very, very few are noted as Trojans
or actual viruses.
Can anyone share the results of:
grep simscan /var/log/qmail/smtp/current|tai64nlocal |less
showing that clamav is finding actual viruses?
Any thoughts or suggestions would be appreciated.
Jeff
