Date: Wed, 23 Mar 2016 10:16:26 +0000 From: krad <kraduk@gmail.com> To: Wayne Sierke <ws@au.dyndns.ws> Cc: Olivier Nicole <Olivier.Nicole@cs.ait.ac.th>, questions@freebsd.org Subject: Re: Anti-virus for FreeBSD Message-ID: <CALfReyd21HiKFDqToV9DOJSFbUpptaOBF4cTi_N8pZSh=fDCqw@mail.gmail.com> In-Reply-To: <1458712914.1578.37.camel@au.dyndns.ws> References: <wu7vb4fm8ji.fsf@banyan.cs.ait.ac.th> <CALfReyeHNrqZsCd_-3gMb%2B5RDEnW8aK2QfYCDRSBG%2B3bN5tpsQ@mail.gmail.com> <1458712914.1578.37.camel@au.dyndns.ws>
next in thread | previous in thread | raw e-mail | index | archive | help
I terms of mail you are not limited to unix bases solutions. Exim for example as the ability to pass the mail to a host:port for scanning. That means you are not limited via os and therefore av vendor. On 23 March 2016 at 06:01, Wayne Sierke <ws@au.dyndns.ws> wrote: > On Tue, 2016-03-22 at 09:07 +0000, krad wrote: > > > Other than that clamav > > is good enough. > > I'm curious as to whether that's an objective or subjective view? > > I've got clam-av set up on a couple of mail boxes scanning incoming > messages and find a worrying amount of viral content still gets > through. Even after submitting false-negative reports, manual tests > conducted (days!) later have failed to detect them. > > To be fair, some of that also fails to be detected initially by > commercial AV scanners on MS Windows. However in one instance, for > example, one AV provider had an update deployed and distributed less > than two hours after they were notified. > > I've submitted suspect attachments to the Virus-Total web site to find > that it was already submitted previously, sometimes long ago, and clam- > av is listed with a negative detection result. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALfReyd21HiKFDqToV9DOJSFbUpptaOBF4cTi_N8pZSh=fDCqw>