Re: ClamAV + SaneSecurity signatures

Hi there,

On Thu, 18 Sep 2014, Nels Lindquist wrote:
> I've been thinking of experimenting with some of the additional ClamAV signatures distributed by SaneSecurity in an attempt to beef up malware detection a bit. Has anyone done much on this front? If so, what's your experience?
I've been using the Sanesecurity signatures for quite a few years. They're the only reason I continue to use ClamAV. They work well.
> Given the way that ClamAV is used in a typical MD setup, I'm really only interested in malware detection; I'd prefer to leave phishing, spam, etc. detection to SpamAssassin for aggregate scoring rather than an all-or-nothing detect and drop policy.
Then my recommendation would be to get a better anti-virus package. In my opinion ClamAV is more or less useless for anything other than the phishing signatures etc. for which I use it. I would not rely on it to keep a network populated with Windows machines safe from harm.

Very few of the examples of malware which make it past my filters are detected by ClamAV when I upload them to Jotti's malware scan, and if you read the ClamAV mailing list recently you'll see that there are issues with both detection rates and false positive rates. I'll leave it to you to decide what you think of the responses on the list from the people at Sourcefire.

--

73,
Ged.