clamav-users December 2007 archive

Re: [Clamav-users] Email viruses almost non-existent?

From: G.W. Haywood <ged_at_nospam>
Date: Fri Dec 28 2007 - 16:39:19 GMT
To: clamav-users@lists.clamav.net


Hi there,

On Fri, 28 Dec 2007 Brian Read wrote:

> I use a number of smeservers (aka e-smith), which all use clamav to
> scan incoming emails. Up to (and including) version 6 I got plenty
> of hits from clamav. As I upgraded to version 7, the clamav hits
> subsided to only phishing emails being detected. My explanation of
> this is that Version 7 contains qpsmtpd which "validates" the smtp
> protocol and rejects anything which is non-standard, whereas
> previous versions (broadly) accepted everything, then relied on
> spamassassin and Clamav to weed out the baddies. So, my proposition
> is that the smtp engines for the "older" viruses may have been
> "simplified" and therefore are not acceptable to the very strict
> qpsmtpd. I upgraded the server in mid-December and it was seeing
> 30-40 (real) viruses a day. Overnight it no longer logs any clamav
> hits (but rejects a hell of a lot of "illegal" email). Does that
> make sense?

It makes sense to me. I use ClamAV only as a Sendmail milter. There are lots of Sendmail configuration tricks to weed out unwanted mail, and I use as many of them as I can before the message gets as far as the relatively processor-intensive ClamAV. Clamav-milter is the sixth milter in the queue, but I guess the simple SMTP engines found in most viruses will rarely even get past our GreetPause. :)

--

73,
Ged.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
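
The greet-pause check mentioned in the reply above, as an added example (not code from this thread, Sendmail or qpsmtpd): the server withholds its 220 banner for a short interval and refuses any client that speaks first, so such a message never reaches the scanner. The hostname, reply texts and the function names `greet_pause` and `demo` are assumptions made for the illustration.

```python
import select
import socket

# Constructed hostname and reply texts for the demonstration.
BANNER = b"220 mail.example.test ESMTP\r\n"
REJECT = b"554 mail.example.test not accepting messages\r\n"


def greet_pause(conn, pause_seconds):
    """Hold the banner back for pause_seconds and classify the client."""
    # SMTP clients must wait for the 220 greeting before sending anything.
    readable, _, _ = select.select([conn], [], [], pause_seconds)
    if not readable:
        conn.sendall(BANNER)          # client stayed quiet: greet it
        return "ok"
    # Readable before the banner: either bytes arrived or the peer hung up.
    if conn.recv(1, socket.MSG_PEEK) == b"":
        return "disconnected"
    conn.sendall(REJECT)              # spoke first: refuse before any scan
    return "early-talker"


def demo(behaviour, pause_seconds=0.2):
    """Run one constructed client against greet_pause over a socket pair."""
    server, client = socket.socketpair()
    try:
        if behaviour == "early":
            client.sendall(b"HELO bot.example.test\r\n")
        elif behaviour == "hangup":
            client.close()
        verdict = greet_pause(server, pause_seconds)
        reply = b"" if behaviour == "hangup" else client.recv(1024)
        return verdict, reply
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    for behaviour in ("polite", "early", "hangup"):
        print(behaviour, demo(behaviour))
```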