On Mon, 31 Jul 2023, Mike Hillyer via mailop wrote:
From: mailop <mailop-boun...@mailop.org> On Behalf Of Taavi Eomäe via mailopDoes anyone here have any familiarity with antivirus/anti-phish vendors that can or are meant to be used with email? I've checked the rspamd external services page (https://rspamd.com/doc/modules/external_services.html#icap-protocol-specific-details) and it has a nice list, but no other details. Has anyone here tested some of those out? What's the reaction speed against new malware campaigns? Does it also work against (some) phish? Most importantly, are there any that are not priced per-mailbox? Any warnings or comments would be very appreciated.
Best price you’re going to get is ClamAV, being that it’s Open Source. Mike
I have heard (from someone with skin in the game) that open source AV tools don't get much coverage in head-to-head magazine reviews, since they don't buy adverts in the magazines. Several regular contributors on the ClamAV mailing list appear to use extra signature lists when scanning email with clamav, though some of these are spam signatures rather than malware. I haven't come across an AV that, under normal circumstances, updates their signatures more than once per day (in special cases I have seen ClamAV and others make extra releases). No AV will catch everything. Not just day-zeros, each AV has malware that even years later they don't detect. https://www.virustotal.com is a good place to play if you want to see how dozens of AV products get on with any particular virus Use AV products by all means, but don't assume they will catch everything. Do have plans for if/when you find something; both before and after it causes harm. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
