Hi there,
On Fri, 19 Sep 2014, David F. Skoll wrote:
4. ClamAV effectiveness (was Re: MIMEDefang Digest, Vol 132, Issue 3)
Oops. Sorry about that. :/
Mr. Skoll also wrote:
On Thu, 18 Sep 2014 17:33:44 +0100 (BST)
"G.W. Haywood" <mimedef...@jubileegroup.co.uk> wrote:
In my opinion ClamAV is more or less useless for anything other than
the phishing signatures etc. for which I use it.
Seconded. ClamAV has become almost completely useless since the
Sourcefire and then Cicso acquisition. It's a fine engine, but signatures
are awful.
On our hosted anti-spam service, we outright block executables as well
as executables contained within archive files like ZIP, ARJ, .tar.gz, etc.
I call sub filter_bad_filename() in sub filter() and sub filter_multipart()
and REJECT the message if it doesn't pass muster.
# Doesn't everybody do this?
sub filter_bad_filename ($) {
my($entity) = @_;
my($bad_exts, $re);
$bad_exts = $long_list_of_bad_extensions . '(|\{[^\}]+\})';
$re = '\.' . $bad_exts . '\.*$';
return 1 if (re_match($entity, $re));
# Note: Install Archive::Zip on this server!
if (re_match($entity, '\.zip$') and $Features{"Archive::Zip"}) {
my $bh = $entity->bodyhandle();
if (defined($bh)) {
my $path = $bh->path();
if (defined($path)) {
return re_match_in_zip_directory($path, $re);
}
}
}
return 0;
}
Mr. Skoll wrote further:
On Thu, 18 Sep 2014 14:17:13 -0500 Richard Laager <rlaa...@wiktel.com> wrote:
> Is there a virus scanner you'd recommend for use with MIMEDefang on Linux?
... I'd recommend not running Windows which reduces your exposure to viruses
Seconded.
by 99%.
I respectfully disagree with the 99%. I'm sure it's more than that. :)
--
73,
Ged.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
