On 05/23/2016 01:43 PM, Michael Heseltine wrote:
Hello all,
I have recently modified my exim (4.82) configuration so that all
messages pass through clamav (0.99.2) first. Anything labeled as
malware should be rejected while the incoming SMTP connection is still
open (using an *acl_smtp_data* in exim).
But so far, this setup has not detected a single malware. All messages
pass though without any notices:
Hi Michael,
I made a similar inquiry last week (Signature update schedule, and
requirements for adding Signatures) - this was the responses:
My 2 cents would be that rapid traditional signature updates are not a viable
solution to this long term problem. I'm pretty sure the current generation of
Locky, Dridex, Nemucod, etc. ransomware is generated using millions of tiny
mutations so that almost every email attachment has a unique signature. There
is no way to keep up with that. ClamAV got more than a million virus samples
per day, last time I inquired.
...Chris
Best Regards
Michael
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
