On 30/03/2016 22:53, C.D. Cochrane wrote:
> Hi, I am the new guy here so please forgive my ignorance :) But "ClamAV is the open
> source standard for mail gateway scanning software". It sure seems like a lot of
> people are getting hot about FPs on files that are NOT received as emails? I keep seeing
> log files, samba distributions and full Windows C:\ scans where people complain about
> false positives. Shouldn't that be a product other than ClamAV doing these scans? I mean
> if it's not arriving in your inbox as an attachment why are you scanning it with ClamAV?

In case it came in by a worm. Or through a drive-by on a web page. Or
a downloaded program. Or transferred from a USB stick.... But of course
despite the very strong recommendation to not rely (at all) on
ClamAV for detecting anything and that it should only be used as a
backup to a more reliable product (which itself doesn't make much sense
as if the more reliable product isn't going to catch an infection then
this certainly won't), people still do use it by itself. The best
advice would be:
a, don't use ClamAV to protect your system
b, if you do, use more reliable 3rd party definitions to give a better
chance
with the implied additions:
c, if you choose to ignore a and b, please don't bother complaining
about FPs
d, do (c) anyway.
Still, people have choices and they can do what they want. Whilst there
is the option, and a belief that an AV solution should be effective,
then naturally people will expect it and report their FPs. (And who
can blame them?)