> Chuck Swiger wrote: > > It's certainly possible for a large Word/Excel/whatever file to be > > infected, but they aren't very common. Out of the 400+ viruses > > quarantined over the past week or so on one of my mail servers, the > > average size was 11KB, and the largest malicious email was 116KB (it > > contained Worm.Bagle.pwd-eml). > > On Thu, 2007-03-29 at 14:17 -0500, Michael Brown wrote: > I have to agree, in the technical sense that if you allow larger > attachments it really starts to sap the resources. I originally allowed > 400MB attachment scanning and it would really load down the server at > times. I set it back to default setting of 10MB and resource usage was > much better. I figured like you, that most of the virus out there come > in small packages. Any larger and the virus writer couldn't spread the > virus because the huge files would clog up all the e-mail servers. > Unless that was the intention to begin with, in which case clamav would > still move along, just a lot of virus would be ignored, but all the > others would be caught. Better to have to deal with 1 big virus than > the other 100 little ones out there. >
And Clamav* may NEVER be the only virusscanning software you depend on So if the large >10MB file is infected let the desktop/fileserver/... scanning tool detect that one. * insert any other virus scanning program. -- With kind regards, Maurice Lucas TAOS-IT _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
