Re: [exim] two stage virus scan

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] two stage virus scan
David Saez Padros wrote:

> Hi !!
>
>
>>>you could use clamav and have virus protection for all your users for
>>>free.
>>
>>unfortunately this is not a solution for the problem I described.
>>
>>1. Please don't start a discussion about ClamAV, but ClamAV doesn't do
>>its job very well, because the virus signatures always lag behind
>>signatures of the big players
>
>
> mmm ... i'm using it for years and never seen a virus pass through it.
> Anyway i must say that we catch almost all viruses by recognizing helo
> patterns and that very little reach clamav.
>


We had a Windows-specific one slip by ClamAV several months ago,
in an attachment that was reported as suspicious by a human in
userland (on a still-immune-at-the-time Mac Mini).

F-Prot was the first 'major player' to detect it, some 15 hours
later, but ClamAV was also up-to-date with it within approx 27
hours, or roughly 12 hours after F-Prot, so 'good enough', given
that *no one* was or could be expected to be, 100% current.
Heuristics were not enough in this case.

No idea how long it had been in the wild before we saw it, but
given our small size and a '.ch' tld, surely we were not even in
the first wave.

FWIW....

Bill