On 23/05/2016 21:21, Joel Esler wrote:
On Mon, May 23, 2016 at 08:56:57PM +0200, Groach wrote:
On 23/05/2016 20:39, Dave McMurtrie wrote:
On Mon, 2016-05-23 at 19:52 +0200, C.D. Cochrane wrote:
ClamAV is fast, free, easy to integrate with just about any MTA and
it's actively developed. We've been running it for years, along with
the SaneSecurity signatures and it's been working well for us. If
there's a better alternative, I'd be interested in learning about it.
For the record, I too am using Clam (Clamwin, actually) as the inline
email scanner for our MTA but that's only because we have subscribed
to SaneSignatures (a money donation well worth it). Without Sane the
clam default sigs are a joke (sometimes taking MONTHS to appear after
the threat release, sometimes not even there for years later. I've
proven all of these points, with evidence, in the past). Sane sigs,
however, made the solution better if not the BEST compared to ALL
OTHER commercial releases for trapping Zero-hour threat (they really
put the 'zero hour' into "zero hour" unlike other AV providers
taking 'many hours' (sometimes even "a day or two") to respond with
their "zero hour" signatures).
The one lesson I did learn though was never to automatically
quarantine or delete 'infected' files (put it in REPORT ONLY scan
mode). Historically Clam sigs had far too many False Positives which
famously culminated in disabling complete systems earlier this year
(Windows specifically) because they deleted system DLL files and
other genuine programs - even its own Clam program! (Admittedly,
since March, the rate of FPs seems to have been reduced. Whether
that's because of the new signature format or what I don't know).
Several reasons. Partly because of your concerns which brought things
to our attention. False Positive reports are important!
Positive responses to people's concerns are always worthy of recognition
and credit where credit is due. Thank you for addressing them. Nice to
hear.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml