Re: [Clamav-users] RFC: Recognize mbox format

From: jef moskot <jef_at_nospam>
Date: Fri Oct 12 2007 - 16:33:28 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

On Mon, 8 Oct 2007, Joao S Veiga wrote:
> To me, is more logical/easier/less annoying to explode the mboxes ONLY if
> something is found in them instead of exploding all the mboxes to scan them (in
> 99.842% of the cases, they will be clean anyway).

If you use the SaneSecurity signatures, it is actually extremely likely that you will find "infected" files in existing mailboxes. The signatures are terrific, but there is an unavoidable lag between the newest phishes and the updated sigs, moreso than in the standard anti-virus sigs.

This is the case in my environment, anyway.

Jeffrey Moskot
System Administrator
jef@math.miami.edu

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html

This message: [ Message body ]
Next message: Ian Eiloart: "Re: [Clamav-users] ClamAV hanging under medium-high load"
Previous message: Dennis Peterson: "Re: [Clamav-users] Some question on freshclam"
In reply to: Joao S Veiga: "Re: [Clamav-users] RFC: Recognize mbox format"
Next in thread: John W. Baxter: "Re: [Clamav-users] Getting line numbers"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]