Hi,
I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those simple-minded rules are running out
of gas. :( We've seen a zip file containing an Excel spreadsheet
with a macro virus in it. ClamAV is essentially useless at detecting
viruses, so it's a real problem... any ideas?
if you have enough trap traffic, MD5 hashes >> clamav signatures is a
quick and dirty way of detecting them.
also, Sophos is taking care of them, real nicely.
I'm interested in knowing if you're running Sophos on fedora/centos with
amavisd?
I used it years ago with sophie, but have been out-of-touch, and lost
track of how to get it going these days.
Off-topic, I guess, but if anyone has any pointers on how to integrate
sophos and clamav with amavisd on fedora, I'd be very appreciative.
Googling only reveals ancient sources.
Thanks,
Alex
