On 02/19/2015 06:25 PM, Alex Regan wrote:
Hi,

I use amavis-new and block based on file type. My users should never
get legit executables via email, so they are sent to a quarantine.
Unfortunately, we're finding those simple-minded rules are running out
of gas. :( We've seen a zip file containing an Excel spreadsheet
with a macro virus in it. ClamAV is essentially useless at detecting
viruses, so it's a real problem... any ideas?

if you have enough trap traffic, MD5 hashes >> clamav signatures is a
quick and dirty way of detecting them.
also, Sophos is taking care of them, real nicely.

I'm interested in knowing if you're running Sophos on fedora/centos with
amavisd?

Nope.. I use it to scan mail files before they're archived, not during
mailflow.

I used it years ago with sophie, but have been out-of-touch, and lost
track of how to get it going these days.

You'd have to use the SAVDI (SSSP protocol) interface which is in their
OEM Integration kit (if their license permits)
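
The "MD5 hashes >> clamav signatures" idea from the thread, as an added example that is not code from any poster: it pulls attachments out of trap messages and emits ClamAV `.hdb` lines (`MD5:FileSize:MalwareName`). The `Trap.Attachment` name prefix, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage


def hdb_lines(raw_messages, prefix="Trap.Attachment"):
    """Return ClamAV .hdb lines (md5:size:name) for every named attachment."""
    seen, lines = set(), []
    for raw in raw_messages:
        msg = email.message_from_bytes(raw, policy=policy.default)
        for part in msg.walk():
            # Only leaf parts that carry a filename are treated as attachments.
            if part.is_multipart() or part.get_filename() is None:
                continue
            payload = part.get_payload(decode=True)  # undo base64/QP encoding
            if not payload:
                continue
            digest = hashlib.md5(payload).hexdigest()
            if digest in seen:  # same file seen in several trap mails
                continue
            seen.add(digest)
            lines.append(f"{digest}:{len(payload)}:{prefix}.{digest[:8]}")
    return lines


def make_sample(payload, filename):
    """Build a constructed trap message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "trap@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed sample data: harmless bytes standing in for trapped attachments.
PAYLOAD_A = b"constructed sample attachment A"
PAYLOAD_B = b"constructed sample attachment B"
SAMPLES = [make_sample(PAYLOAD_A, "invoice.zip"),
           make_sample(PAYLOAD_A, "invoice_copy.zip"),  # duplicate content
           make_sample(PAYLOAD_B, "report.xls")]

if __name__ == "__main__":
    print("\n".join(hdb_lines(SAMPLES)))
```

Written to a file such as `local.hdb` in the ClamAV database directory, these lines match only byte-identical files, so any repacked or modified variant needs a fresh hash.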