[Mimedefang] ClamAV effectiveness

David F. Skoll dfs at roaringpenguin.com
Fri Jun 28 16:52:11 EDT 2013

On 28 Jun 2013 22:18:00 +0200
Hullen at t-online.de (Helmut Hullen) wrote:

> Such a type of suspicious file you should detect with another routine
> - it's faster, and it seems to be reliable enough especially for
> news viruses.

Yes, I agree and we do that.  However, here's the problem: I'm confident
enough to outright discard messages that ClamAV detects as a virus.  I
would dearly love to do the same with *all* EXE files, but our users
would revolt.  So instead, we quarantine them.

If ClamAV detected a higher proportion of viruses, then there would be
fewer quarantined incidents and (more importantly) less danger of an
unsophisticated user releasing a virus from the quarantine.

We put a giant warning icon in the quarantine user-interface if there's
an EXE, but users ignore giant warning icons. :(



More information about the MIMEDefang mailing list