On Thu, 19 Feb 2015 09:34:28 -0500 Alex Regan <mysqlstud...@gmail.com> wrote:
[David Skoll] > > spreadsheet with a macro virus in it. ClamAV is essentially > > useless at detecting viruses, so it's a real problem... any ideas? > Useless? Are you using the third-party patterns? No, because when I tried some of them, there were an unacceptably high number of FPs. I tried tweaking various sets of Sane Security signatures and they didn't work well for me. > Just not responsive enough or doesn't have the technology to catch > today's threats? It's not responsive enough. And I don't mean to pick on ClamAV; these macro viruses are slipping past a lot of signature-based AV products. > What are the threats it doesn't catch? Pretty much 99% of the malware passing through our relays (mostly macro viruses nowadays.) Regards, David.