Date: Wed, 23 Mar 2016 18:46:06 +0700 From: Olivier Nicole <Olivier.Nicole@cs.ait.ac.th> To: questions@freebsd.org Subject: Re: Anti-virus for FreeBSD Message-ID: <wu7io0dzabl.fsf@banyan.cs.ait.ac.th> In-Reply-To: <CALfReyd21HiKFDqToV9DOJSFbUpptaOBF4cTi_N8pZSh=fDCqw@mail.gmail.com> (message from krad on Wed, 23 Mar 2016 10:16:26 %2B0000)
next in thread | previous in thread | raw e-mail | index | archive | help
True, > I terms of mail you are not limited to unix bases solutions. Exim for > example as the ability to pass the mail to a host:port for scanning. That > means you are not limited via os and therefore av vendor. And Amavis can do that too. But I would prefer to avoid that because: - it's one more system to manage, update, etc. Even more, a different system. - sending the mail body through the net is less efficient than sending it through a Unix socket (if the AV is on the same machine). best regards, Olivier > On 23 March 2016 at 06:01, Wayne Sierke <ws@au.dyndns.ws> wrote: > >> On Tue, 2016-03-22 at 09:07 +0000, krad wrote: >> >> > Other than that clamav >> > is good enough. >> >> I'm curious as to whether that's an objective or subjective view? >> >> I've got clam-av set up on a couple of mail boxes scanning incoming >> messages and find a worrying amount of viral content still gets >> through. Even after submitting false-negative reports, manual tests >> conducted (days!) later have failed to detect them. >> >> To be fair, some of that also fails to be detected initially by >> commercial AV scanners on MS Windows. However in one instance, for >> example, one AV provider had an update deployed and distributed less >> than two hours after they were notified. >> >> I've submitted suspect attachments to the Virus-Total web site to find >> that it was already submitted previously, sometimes long ago, and clam- >> av is listed with a negative detection result. >> >> > > [2:text/html Show] > --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wu7io0dzabl.fsf>