[Mimedefang] ClamAV effectiveness

David F. Skoll dfs at roaringpenguin.com
Tue Jul 2 10:26:15 EDT 2013

On Mon, 1 Jul 2013 18:46:54 -0700
John Nemeth <jnemeth at cue.bc.ca> wrote:

>      Do you perform this test before checking for viruses?  I know
> I would, as a simple test to catch low hanging fruit like this is
> always going to run much faster then a virus scanner.

No, because in the big scheme of things it makes hardly any difference:
It would save us from having to run the virus scanner about 60K times
out of 2 million, or 3% of the time.

Also, we treat "suspicious" files differently from confirmed viruses,
so we'd have to virus-scan anyway.

> The 32 messages with zipped .exe files mentioned above were
> delivered to a MS Exchange server running "Symantec Mail Security
> for Microsoft Exchange". None of these messages were detected by
> Symantec as being malicious. Symantec logged 7 times that the
> attachment was encrypted and couldn't be scanned.

So are we moving into an era in which signature-based virus-scanning
has run out of steam?  I've been predicting this for a while... maybe
it's finally happening.



More information about the MIMEDefang mailing list