On 3/3/14, 8:50 AM, Brian Morrison wrote:
> Steve, is your Exim installation set up to reject mail on spamminess, using SpamAssassin or similar? I find that SA detects a lot of mail using SA rules that probably contain attachments or inline images that are virus laden, but it's cheaper on system resources to reject at SMTP time than running ClamAV on every mail received.
Given that he received an attachment that is suspicious, it indicates it got past all his SMTP defenses. Next is to find out if that attachment is actually malware or other evil thing and, if so, create and distribute a signature.
In my environments the unofficial signatures from Sane Security stop 10 times the volume of official signatures. This has been true for several years and several very large businesses.
However - there's never been a problem that has come in via email - they've always come in on laptops and VPN-connected remote systems.
dp