[Mimedefang] ClamAV effectiveness

kd6lvw at yahoo.com
Fri Jun 28 14:34:07 EDT 2013


--- On Fri, 6/28/13, David F. Skoll <dfs at roaringpenguin.com> wrote:
> I assume a few people on this list use ClamAV.  Have you noticed that
> it has become next to useless for detecting viruses?  The latest rash of
> fax spams that contain EXEs inside ZIPs just seem to sail past ClamAV.
> We always hold EXEs and EXEs inside ZIPs, so our clients are safe, but
> really ClamAV is not doing its job.
> 
> Are others noticing it?  And if you use commercial AV software, does it
> seem to do a better job than ClamAV?

I am not experiencing that which you described.  I am seeing an occasional virus attempt (perhaps once per month); usually "SoBig".

I do also see one annoying false positive pattern from their anti-phishing structure in that it also flags the LEGITIMATE messages coming from my bank in addition to phishing attempts.  Fortunately, my bank's message is merely that there's a message in its internal mail system that I have to log in and pick up, so nothing is lost.  However, the ClamAV people claim to need the real message to fix the problem -- which I don't receive because it is rejected due to the false positive problem.  Argh!


