On 11/14/2013 04:49 PM, Henrik K wrote:
On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote:
On 11/14/2013 8:57 AM, David F. Skoll wrote:
Some statistics: On our main scanning cluster on 2013-11-13, we
blocked 176,668 messages with EXE files in zip files. ClamAV only
detected 4,610 viruses.

Regards, David.
Continuing that vein, statistically, in the past 60 days, on one
server we blocked 60061 attachments using MIMEDefang. We had
PERHAPS 5 or 6 requests to get the quarantined files. Out of those
requests at least 50% were requests for 0-day malware.
Can't recommend enough that MD is a great product to mix into an
anti-spam ecosystem though we also use McAfee, ClamAV and Symantec
products as well in the mix with minimal false positives so they are
very useful to hammer things definitively but things definitely get
by them.
Funny that the thread is mostly anything other than SA.. ;-)
I guess I have to create a "Zipinfo" plugin for SA, had that in mind for a
while..
or a one liner in a ClamAV .cdb sig file :)