On Thu, Nov 14, 2013 at 04:53:48PM +0100, Axb wrote:
> On 11/14/2013 04:49 PM, Henrik K wrote:
> >On Thu, Nov 14, 2013 at 10:37:12AM -0500, Kevin A. McGrail wrote:
> >>On 11/14/2013 8:57 AM, David F. Skoll wrote:
> >>>Some statistics: On our main scanning cluster on 2013-11-13, we
> >>>blocked 176,668 messages with EXE files in zip files. ClamAV only
> >>>detected 4,610 viruses. Regards, David.
> >>Continuing that vein, statistically, in the past 60 days, on one
> >>server we blocked 60061 attachments using MIMEDefang. We had
> >>PERHAPS 5 or 6 requests to get the quarantined files. Out of those
> >>requests at least 50% were requests for 0-day malware.
> >>
> >>Can't recommend enough that MD is a great product to mix into an
> >>anti-spam ecosystem though we also use McAfee, ClamAV and Symantec
> >>products as well in the mix with minimal false positives so they are
> >>very useful to hammer things definitively but things definitely get
> >>by them.
> >
> >Funny that the thread is mostly anything other than SA.. ;-)
> >
> >I guess I have to create a "Zipinfo" plugin for SA, had that in mind for a
> >while..
>
> or a one liner in a ClamAV .cdb sig file :)

And it will match even word documents since they are a zip. :-P No way to count files in archive etc, not very flexible yeah..
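
The distinction raised in this thread (blocking zips that contain executables without also matching Word documents, and being able to count archive members), as an added example that is not part of the thread and is not SpamAssassin, MIMEDefang or ClamAV code. The function names, the extension list and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions treated as executable here are an assumption, not a list from the thread.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def make_zip(names):
    """Build a constructed in-memory zip with dummy member contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()

def zip_info(data):
    """Summarise a zip attachment from its central directory, without extracting."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return {"is_zip": False, "file_count": 0, "executables": [], "is_ooxml": False}
    executables = [n for n in names
                   if any(n.lower().rstrip(". ").endswith(e) for e in EXECUTABLE_EXTS)]
    return {
        "is_zip": True,
        "file_count": len(names),
        "executables": executables,
        # OOXML packages (docx/xlsx/pptx) carry this part at the archive root.
        "is_ooxml": "[Content_Types].xml" in names,
    }

def should_block(data):
    """Block on executable members, not on the mere fact of being a zip."""
    return bool(zip_info(data)["executables"])

# Constructed samples: a double-extension executable, a docx-like package, a benign zip.
EXE_ZIP = make_zip(["invoice.pdf.exe"])
DOCX = make_zip(["[Content_Types].xml", "_rels/.rels", "word/document.xml"])
PLAIN_ZIP = make_zip(["notes.txt", "photo.jpg"])

if __name__ == "__main__":
    for label, blob in [("exe zip", EXE_ZIP), ("docx", DOCX), ("plain zip", PLAIN_ZIP)]:
        print(label, zip_info(blob), "block" if should_block(blob) else "pass")
```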