On 10.08.2016 at 11:52, Jan-Pieter Cornet wrote:
> On 10-8-16 08:22, ANANT S ATHAVALE wrote:
>> Hi,
>>
>> Most of the mails are marked with Win.Exploit.CVE_2016_3316-1. Is this a
>> false positive?
>
> Yes.
>
> Created a completely empty .doc file using LibreOffice on Linux, and the
> resulting file was recognized as Win.Exploit.CVE_2016_3316-1.
>
> This means that on our medium-sized ISP, we got so many false positives from
> ClamAV in a few hours, that it would take several weeks for ClamAV to even find
> the same number of true positives in our e-mail stream.
>
> Guess that's the end of ClamAV as an e-mail virus scanner here...

useless polemic

show me one malware scanner with no FP disaster in the past years, and before you throw away the child with the bath, consider why you are not just using *scoring* if you can't accept false positives fixable within a short timeframe

and in case of .doc I have seen even users complaining that other mailservers block .doc at all and bounce back that you should send a .docx because they can't contain macros (that's what .docm is for)
