>> I get lots of 'invoices' from DHL containing a zipped >> trojan. F-Prot recognizes them as Win32/Bredolab!Generic >> but ClamAV does not. > > Hi, > > Just in case this helps block them... I've been detecting > these for a while if its the same sort of fake invoices > I've been receiving here, using the Sanesecurity > signatures: > > http://sanesecurity.co.uk/download_scripts_linux.htm >
I used to have SaneSecurity up to date, but some day it just stopped working. There was an update in debian amavisd-new at the same time, if I remember. Then I decided SaneSecurity is not worth it, as SpamAssassin catches those too, and has less false positives. SaneSecurity triggers way too often when some dumb user pastes a spam into his mail, or some robot sends a bounce with an attachment. I do not want to report those cases to SpamCop, Razor, DCC.. Making me writing tons of tests in my scripts. Too risky. I keep SpamAssassin for spam, ClamAV/F-Prot/BitDefender for antivir, and that works for me best. SaneSecurity is a fine product, but currently I do not want it. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
