[Mimedefang] ClamAV effectiveness

kd6lvw at yahoo.com kd6lvw at yahoo.com
Fri Jun 28 14:34:07 EDT 2013

--- On Fri, 6/28/13, David F. Skoll <dfs at roaringpenguin.com> wrote:
> I assume a few people on this list use ClamAV.  Have you noticed that
> it has become next to useless for detecting viruses?  The latest rash of
> fax spams that contain EXEs inside ZIPs just seem to sail past ClamAV.
> We always hold EXEs and EXEs inside ZIPs, so our clients are safe, but
> really ClamAV is not doing its job.
> Are others noticing it?  And if you use commercial AV software, does it
> seem to do a better job than ClamAV?

I am not experiencing that which you described.  I am seeing an occasional virus attempt (perhaps once per month); usually "SoBig".

I do also see one annoying false positive pattern from their anti-phishing structure in that it also flags the LEGITIMATE messages coming from my bank in addition to phishing attempts.  Fortunately, my bank's message is merely that there's a message in its internal mail system that I have to log in and pick up, so nothing is lost.  However, the ClamAV people claim to need the real message to fix the problem -- which I don't receive because it is rejected due to the false positive problem.  Argh!

More information about the MIMEDefang mailing list