On 10-8-16 08:22, ANANT S ATHAVALE wrote: > Hi, > > Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a > false positive?
Yes.
Created a completely empty .doc file using LibreOffice on linux, and the
resulting file was recognized as Win.Exploit.CVE_2016_3316-1.
This means that on our medium sized ISP, we got so many false positives from
ClamAV in a few hours, that it would take several weeks for ClamAV to even find
the same number of true positives in our e-mail stream.
Guess that's the end of ClamAV as an e-mail virus scanner here...
--
Jan-Pieter Cornet <joh...@xs4all.nl>
"Any sufficiently advanced incompetence is indistinguishable from malice."
- Grey's Law
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
