Re: [exim] Question about ClamAV

Top Page
Delete this message
Reply to this message
Author: Patrick von der Hagen
Date:  
To: exim-users@exim.org
Subject: Re: [exim] Question about ClamAV
On 13.04.2016 09:41, pencho kuncho wrote:
> Hi,
> I already implemented Lena's solutions and thinking to stop ClamAV. It's only take resources ... by my opinion.

for me it felt easier to write a clamav-signature blocking js inside of
zips. And it hardly takes any resources, compared to SpamAssassin. But
it really depends on context. Do you use the "regular" signatures only
or did you add additional signature sets (e.g.
http://sanesecurity.com/usage/signatures/ ?)

For example, malwarepatrol.net offers the same signatures for clamav or
as a ruleset for SpamAssassin, but the clamav ones are way more
efficient. Running the clamav-ones I don't notice any difference in
processing, using the SpamAssassin ones my system suffers considerably.

So, if your clamav is running smoothly, I'd check alternative signatures
first, before disabling it.
https://github.com/extremeshok/clamav-unofficial-sigs is a great tool to
get automatical updates. I added quite a lot and I'm happy.

However, currently few antivirus solutions will update signatures quick
enough to be really effective against current malware. Not accepting
bogus messages in the first place seems to be the better option.


--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Patrick von der Hagen

Zirkel 2, Gebäude 20.21, Raum 004.2
76131 Karlsruhe
Telefon: +49 721 608-46433
E-Mail: hagen@???
Web: http://www.scc.kit.edu

KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft