[Mimedefang] MIMEDefang Digest, Vol 132, Issue 3

G.W. Haywood mimedefang at jubileegroup.co.uk
Thu Sep 18 12:33:44 EDT 2014


Hi there,

On Thu, 18 Sep 2014,  Nels Lindquist wrote:

Re: ClamAV + SaneSecurity signatures

> I've been thinking of experimenting with some of the additional ClamAV
> signatures distributed by SaneSecurity in an attempt to beef up
> malware detection a bit.
>
> Has anyone done much on this front?  If so, what's your experience?

I've been using the Sanesecurity signatures for quite a few years.
They're the only reason I continue to use ClamAV.  They work well.

> Given the way that ClamAV is used in a typical MD setup, I'm really
> only interested in malware detection; I'd prefer to leave phishing,
> spam, etc. detection to SpamAssassin for aggregate scoring rather than
> an all-or-nothing detect and drop policy.

Then my recommendation would be to get a better anti-virus package.
In my opinion ClamAV is more or less useless for anything other than
the phishing signatures etc. for which I use it.  I would not rely on
it to keep a network populated with Windows machines safe from harm.
Very few of the examples of malware which make it past my filters are
detected by ClamAV when I upload them to Jotti's malware scan, and if
you read the ClamAV mailing list recently you'll see that there are
issues with both detection rates and false positive rates.

I'll leave it to you to decide what you think of the responses on the
list from the people at Sourcefire.

--

73,
Ged.


