David F. Skoll wrote
> In my experience, ClamAV has become completely useless as a practical
> way to stop viruses.  The viruses encrypt and mutate themselves much
> too quickly for ClamAV to keep up.  I believe many commercial virus
> scanners are in the same boat.  So we just block executables, whether
> directly attached or embedded in zip files.

Agreed, that's why I added the following databases...

foxhole_generic.cdb, which blocks dangerous *double* extensions, without
blocking single exe's

or go the whole hog and use:

foxhole_all.cdb, which blocks dangerous extensions

The above tactic can be done in other ways, but some people have found it
useful using ClamAV

For the less aggressive...

rogue.hdb, is updated hourly (at the moment) with malware hashes of received
malware emails
phish.ndb, contains simple filename heuristics for some malware.
 
Anyway, wrong list for ClamAV stuff, so I'll be off ;)

Cheers,

Steve
Sanesecurity.com



--
View this message in context: 
http://spamassassin.1065346.n5.nabble.com/Block-exe-in-attachment-tp107195p107209.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
