Hi Michael and Michael,

You may want to look at sanesecurity[.]org. They have a supplemental ClamAV database that is supposed to be better at detecting the current scourge of ransomware and malware. It was recommended to me when I noted that ClamAV seems to miss a LOT of the current malware, but I have not tried it yet.

...Chris

>>On 05/23/2016 01:43 PM, Michael Heseltine wrote:
>> Hello all,
>> I have recently modified my exim (4.82) configuration so that all
>> messages pass through clamav (0.99.2) first. Anything labeled as
>> malware should be rejected while the incoming SMTP connection is still
>> open (using an *acl_smtp_data* in exim).
>>
>> But so far, this setup has not detected a single malware. All messages
>> pass through without any notices:
>>
>Hi Michael,
>
>I made a similar inquiry last week (Signature update schedule, and
>requirements for adding Signatures) - these were the responses:
>>>
>>>My 2 cents would be that rapid traditional signature updates are not a
>>>viable solution to this long term problem.
>>>I'm pretty sure the current generation
>>>of Locky, Dridex, Nemucod, etc.
>>>ransomware is generated using millions
>>>of tiny mutations so that almost every email attachment has a unique
>>>signature.
>>>There is no way to keep up with
>>>that. ClamAV got more than a million virus samples per day, last time I
>>>inquired.
>>>...Chris
>
>Best Regards
>Michael
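
Added example, not part of the original thread: a small client that asks clamd directly, independently of exim, what verdict it returns for a saved file, using clamd's INSTREAM command. The function names and the socket path are assumptions; use the LocalSocket value from your own clamd.conf.

```python
import socket
import struct
import sys

CHUNK = 8192  # bytes sent per INSTREAM chunk


def instream_frames(data: bytes, chunk: int = CHUNK) -> bytes:
    """Frame data for INSTREAM: command, length-prefixed chunks, zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # terminator chunk
    return b"".join(out)


def parse_reply(raw: bytes):
    """Map a clamd reply to (verdict, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # "stream: <signature name> FOUND"
        return ("FOUND", text[:-len(" FOUND")].split(": ", 1)[-1])
    if text.endswith(": OK"):
        return ("OK", None)
    return ("ERROR", text)  # e.g. size limit exceeded, or an empty reply


def scan_bytes(data: bytes, sock_path: str = "/var/run/clamav/clamd.ctl",
               timeout: float = 30.0):
    """Send data to clamd over its local socket (path is an assumption)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(instream_frames(data))
        buf = b""
        while not buf.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            buf += part
    return parse_reply(buf)


if __name__ == "__main__":
    # Usage: python clamd_check.py saved_attachment.bin
    with open(sys.argv[1], "rb") as f:
        print(scan_bytes(f.read()))
```

An ERROR verdict or a connection failure here points at the clamd side (socket path, permissions, size limits) rather than at the signature set.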