On Mon, 03 Mar 2014 14:00:16 +0000 Steve Hill wrote: > On 03.03.14 13:49, Shawn Webb wrote: > > > You can submit files you suspect are legitimate malware here: > > http://www.clamav.net/lang/en/sendvirus/ > > As mentioned, I've already done that, but my concern is trying to > figure out why Clam only seems to be blocking phishing emails rather > than actual malware - have I got something wrong in my configuration, > or is Clam's detection engine and signature database *really* unable > to detect all this malware? > >
Steve is your Exim installation set up to reject mail on spamminess, using SpamAssassin or similar? I find that SA detects a lot of mail using SA rules that probably contain attachments or inline images that are virus laden, but it's cheaper on system resources to reject at SMTP time than running ClamAV on every mail received. -- Brian Morrison _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
