On 02/19/2015 03:24 PM, David F. Skoll wrote:
> On Thu, 19 Feb 2015 07:46:16 -0600
> Chad M Stewart <c...@balius.com> wrote:
>> I use amavis-new and block based on file type. My users should never
>> get legit executables via email, so they are sent to a quarantine.
> Unfortunately, we're finding those simple-minded rules are running out
> of gas. :( We've seen a zip file containing an Excel spreadsheet
> with a macro virus in it. ClamAV is essentially useless at detecting
> viruses, so it's a real problem... any ideas?
If you have enough trap traffic, MD5 hashes >> clamav signatures is a
quick and dirty way of detecting them.
Also, Sophos is taking care of them, real nicely.
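
The hash-to-signature idea from the reply above, as an added example that is not part of the original thread: it turns trap-captured attachments into ClamAV hash-database (`.hdb`) records of the form `MD5:FileSize:SignatureName`, hashing the files inside a zip as well as the zip itself. The function names, the `Trap.` naming scheme and the sample data are assumptions made for illustration.

```python
import hashlib
import io
import zipfile


def hdb_line(data: bytes, name: str) -> str:
    """One ClamAV .hdb record: MD5:FileSize:SignatureName."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def signatures_for(attachment: bytes, label: str, max_member: int = 20_000_000) -> list:
    """Hash the attachment and, if it is a zip, every file inside it.

    The scanner unpacks archives, so a member-level hash keeps matching
    when the same payload arrives re-zipped under a new container hash.
    """
    sigs = [hdb_line(attachment, label)] if attachment else []
    buf = io.BytesIO(attachment)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for i, info in enumerate(zf.infolist()):
                # Skip directories, empty, oversized and encrypted members.
                if info.is_dir() or not 0 < info.file_size <= max_member:
                    continue
                if info.flag_bits & 0x1:
                    continue
                sigs.append(hdb_line(zf.read(info), f"{label}.member{i}"))
    return sigs


def build_hdb(samples: dict, prefix: str = "Trap") -> str:
    """Return .hdb text for all trap samples, one record per unique hash."""
    seen, lines = set(), []
    for n, name in enumerate(sorted(samples)):
        for line in signatures_for(samples[name], f"{prefix}.{n}"):
            md5 = line.split(":", 1)[0]
            if md5 not in seen:
                seen.add(md5)
                lines.append(line)
    return "\n".join(lines) + "\n"


def make_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed sample: a zip holding one file (stands in for trap mail)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(zipfile.ZipInfo(member_name, (2015, 2, 19, 0, 0, 0)), payload)
    return buf.getvalue()


PAYLOAD = b"constructed stand-in for a macro-laden spreadsheet" * 8
SAMPLES = {"a.zip": make_zip("invoice.xls", PAYLOAD), "b.zip": make_zip("order.xls", PAYLOAD)}
```

Saving the output of `build_hdb` with an `.hdb` extension in ClamAV's database directory makes the scanner load it alongside its other signatures. Hash records only catch byte-identical files, so they suit repeated mailings of one payload rather than variants.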