On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote: > On 11/14/2013 8:57 AM, David F. Skoll wrote: > >Some statistics: On our main scanning cluster on 2013-11-13, we > >blocked 176,668 messages with EXE files in zip files. ClamAV only > >detected 4,610 viruses. Regards, David. > Continuing that vein, statistically, in the past 60 days, on one > server we blocked 60061 attachments using MIMEDefang. We had > PERHAPS 5 or 6 requests to get the quarantined files. Out of those > requests at least 50% were requests for 0-day malware. > > Can't recommend enough that MD is a great product to mix into an > anti-spam ecosytem though we also use McAfee, ClamAV and Symantec > products as well in the mix with minimal false positives so they are > very useful to hammer things definitively but things definitely get > by them.
Funny that the thread is mostly anything other than SA.. ;-) I guess I have to create a "Zipinfo" plugin for SA, had that in mind for a while..
