[Mimedefang] ClamAV effectiveness
David F. Skoll
dfs at roaringpenguin.com
Tue Jul 2 10:26:15 EDT 2013
On Mon, 1 Jul 2013 18:46:54 -0700
John Nemeth <jnemeth at cue.bc.ca> wrote:
> Do you perform this test before checking for viruses? I know
> I would, as a simple test to catch low hanging fruit like this is
> always going to run much faster than a virus scanner.
No, because in the big scheme of things it makes hardly any difference:
It would save us from having to run the virus scanner about 60K times
out of 2 million, or 3% of the time.
Also, we treat "suspicious" files differently from confirmed viruses,
so we'd have to virus-scan anyway.
> The 32 messages with zipped .exe files mentioned above were
> delivered to a MS Exchange server running "Symantec Mail Security
> for Microsoft Exchange". None of these messages were detected by
> Symantec as being malicious. Symantec logged 7 times that the
> attachment was encrypted and couldn't be scanned.
So are we moving into an era in which signature-based virus-scanning
has run out of steam? I've been predicting this for a while... maybe
it's finally happening.