[Mimedefang] ClamAV effectiveness (was Re: MIMEDefang Digest, Vol 132, Issue 3)

David F. Skoll dfs at roaringpenguin.com
Thu Sep 18 12:45:41 EDT 2014

On Thu, 18 Sep 2014 17:33:44 +0100 (BST)
"G.W. Haywood" <mimedefang at jubileegroup.co.uk> wrote:

> In my opinion ClamAV is more or less useless for anything other than
> the phishing signatures etc. for which I use it.

Seconded.  ClamAV has become almost completely useless since the
Sourcefire and then Cisco acquisition.  It's a fine engine, but signatures
are awful.

On our hosted anti-spam service, we outright block executables as well
as executables contained within archive files like ZIP, ARJ, .tar.gz, etc.

If you want to do this, see the "lsar" package that can scan many types
of archives and extract filenames.  It's packaged with Debian and home page
is http://unarchiver.c3.cx/commandline
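
Added example, not part of the original post and not MIMEDefang or Roaring Penguin code: a Python sketch of the filename check described above, applied to the member names that lsar reports for an archive. The extension block list, the fail-closed "quarantine" verdict, all function names, and the `lsar -j` JSON layout (`lsarContents[].XADFileName`) are assumptions; verify the layout against your installed lsar.

```python
import json
import subprocess

# Assumed block list; the post does not enumerate which extensions are blocked.
BLOCKED_EXTENSIONS = {"exe", "com", "scr", "pif", "bat", "cmd", "cpl",
                      "msi", "vbs", "js", "jar", "lnk"}

def is_blocked_name(name):
    """True if the last extension of an archive member name is on the block list."""
    # Use only the final path component, whichever separator the archive stored.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as a.exe.
    base = base.rstrip(". ").lower()
    if "." not in base:
        return False
    # Only the final extension decides, which catches "Invoice.pdf.EXE".
    return base.rsplit(".", 1)[1] in BLOCKED_EXTENSIONS

def blocked_members(names):
    """Member names that would cause the message to be blocked."""
    return [n for n in names if is_blocked_name(n)]

def names_from_lsar_json(text):
    """Member names from `lsar -j` output (assumed layout, see lead-in)."""
    doc = json.loads(text)
    return [e["XADFileName"] for e in doc.get("lsarContents", [])
            if "XADFileName" in e]

def list_archive(path, timeout=30):
    """Run lsar on an attachment; None means the listing could not be obtained."""
    try:
        proc = subprocess.run(["lsar", "-j", path], capture_output=True,
                              text=True, timeout=timeout, check=True)
        return names_from_lsar_json(proc.stdout)
    except (OSError, subprocess.SubprocessError, ValueError, AttributeError):
        return None

def verdict(names):
    """Policy decision for one attachment from its member names."""
    if names is None:
        return "quarantine"  # unreadable or corrupt archive: fail closed (assumption)
    return "reject" if blocked_members(names) else "accept"

# Constructed sample of lsar JSON output, not a capture from a real archive.
SAMPLE = ('{"lsarFormatVersion": 2, "lsarContents": ['
          '{"XADFileName": "docs/readme.txt"},'
          '{"XADFileName": "Invoice.pdf.EXE"},'
          '{"XADFileName": "notes.scr. "}]}')

if __name__ == "__main__":
    print(verdict(names_from_lsar_json(SAMPLE)))
```
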



