What I mean is that files that can contain other files (e.g. zip) are not looked at as a whole, and inspected internally to the /full/ extent that they could or would be by a SMTP MTA or SMTP relay-based AV solution.
e.g. The last time I checked, ClamAV signatures were released ahead of schedule to Symantec - yet my Symantec for Exchange antivirus engine on my MTA is continually catching viruses in compressed files that ClamAV missed - for what could be multiple reasons based on my ASSP config.. And (I think it was Charles who brought up the point, but I'm on my phone right now) there are settings that may deter deter or cut-off scanning that would be done by other traditional scanners. Yes, setting can be changed, but then performance is hindered - and let's start with recommended "defaults" before going off on tweaking branches of the discussion. To be clear - I'm not suggesting that there isn't a benefit to using ClamAV with ASSP. There are many, and I'll let someone else fill in those blanks. The sanesecurity signatures alone should be reason for anyone to use it. -- ME2 (mobile) -----Original Message----- From: "Fritz Borgstedt" <[EMAIL PROTECTED]> Date: Wednesday, Aug 22, 2007 9:16 am Subject: Re: [Assp-user] Virus filtering To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy <[email protected]>Reply-To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy <[email protected]> >>Remembe, ClamAV is being used with ASSP as type of sniffing proxy. >The entire file is not being analyzed, and files that can operate as >containers for other files are not fully interrogated. > >It is up to the admin to set the avbytes option. What " >files that can operate as containers for other files are not fully >interrogated. >" means, I do not know. ASSP does not influence ClamAV to not >"interrogate". > > > >------------------------------------------------------------------------- This >SF.net email is sponsored by: Splunk Inc. >Still grepping through log files to find problems? Stop. >Now Search log events and configuration files using AJAX and a browser. >Download your FREE copy of Splunk now >> http://get.splunk.com/ >_______________________________________________ >Assp-user mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/assp-user > ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
