Xavier Beaudouin escreveu:
> Hello,
>
>>>> In December 2006, we were running ClamAV 0.88.7, and there were still
>>>> a fair number of "real" viruses being detected in inbound email. Now
>>>> running 0.91.2 and 0.92, there seem to be only phishing attempts, and
>>>> not even very many of them. In fact it seems that our log file shows
>>>> almost as many (hourly) signature update messages as phish detections
>>>> (much less "real" virus detections).
>>>>
>>>> Have other ClamAV users experienced a similar decline in email
>>>> attacks?
>>
>> Yes.
>>
>> And this can be considered "bad news" for clamav integrators :).
>
> I can confirm this also.
>
> I get less and less "virus/worm" in email, but scam / spam and all
> waste of email are more and more detected.
>
> Maybe email is going to be more and more useless and signal over noise
> in this is getting worse than before... (noise = spam....)..
Same thing here ..... i got VERY FEW things (virus and scams)
detected by clamav, even using several extra definition files and having
pretty busy mail servers.
Are my mailboxes NOT being hit by this kind of trash ?? Definitely
not !!!
You should note that some other configurations can (and always will)
reduce drastically the number of messages that will hit your
SpamAssassin and/or antivirus things.
- greylisting
- DNS blocking based on reverse DNS being configured or not
- some early SPF checking
- and others
i have experienced myself a drop of 80-90% on the number of messages
that hit amavis (and then clamav and spamassassin) by simply turning
greylisting on. If i turn greylist off, i got almost 10x the number of
messages processed and, as you can imagine, the number of SPAMs and
virus detected grows as well.
Even if you're sure your upstream server is not doing antivirus
checking, you should notice that these other configurations can reduce
drastically the number of 'bad' messages before they reach those last
'content-checking' stages, like antivirus and antispam ones.
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
