Hi Eric:
One thing I've noticed is that there's a message size limit on what
simscan/spamd/clamd will check. Messages over several megabytes are
skipped. Is there a config file somewhere controlling that?
Jeff
On 9/16/2020 2:07 PM, Eric Broch wrote:
Hi Jeff,
I'm not sure why ClamAV would miss a virus. Maybe they'd have a better
idea on the ClamAV mailing list.
I've never really depended on ClamAV or SpamAssassin, though I'd like
to, but when killing spam was absolutely necessary I used a third-party
spam gateway.
Eric
On 9/16/2020 9:43 AM, Jeff Koch wrote:
We think we're having a problem with one of our mailservers whereby
users' PCs are getting hit with viruses. All mailservers have had
ClamAV recently updated to version 0.102.4. The logs at
/var/log/qmail/smtp and /var/log/qmail/submission show that ClamAV is
indeed analyzing emails and attachments so we're trying to figure out
how these viruses are getting through. We do see that most 'Virus
Drops' are due to spoofed domains. Very, very few are noted as
Trojans or actual viruses.
Can anyone share the results of:
grep simscan /var/log/qmail/smtp/current | tai64nlocal | less
showing that clamav is finding actual viruses?
Any thoughts or suggestions would be appreciated.
Jeff