On 20 Mar 2013, at 14:35, Matt Olney <mol...@sourcefire.com> wrote: > efore you ask, we don't have a lot of information that we're ready to > share on our end about what we're planning, so I don't want to promise > anything yet. In general we're looking to expand the detection capability, > the engine's stability and make the system a little more usable. As we > firm things up, we'll let you guys know more about what we're working on. > …. > Thanks in advance for your ideas! Please send your ideas to this list so > we can track them.
Focus on stability and usability. I use Exim, Clam, and Spamassassin (in order of descending importance). I regard Exim as essential for continuity of service. Clam, when available, is trusted absolutely to reject emails that are a security threat to my network - so it's important to me that it's as available as possible. Unfortunately, it occasionally hangs leaving zombie processes that require a reboot to fix. When it's available, I want it to block malware attachments, but I also want it to block emails with links to malware, and links to phishing sites. BTW, I use Clam to scan outbound email, as well as inbound, in order to improve herd immunity to infections. One thing that I'd like to do with outbound email is to prevent people from emailing their own passwords. Something along these lines: https://grepular.com/Defending_Against_Spear_Phishing_with_Exim That's a useful tool, but it's Exim specific, and it would be neat to have clam deal with this. -- Ian Eiloart Postmaster, University of Sussex +44 (0) 1273 87-3148 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
