On Fri, 20 May 2016 15:00:55 +0000 David Jones <djo...@ena.com> wrote:
> >From: Dianne Skoll <d...@roaringpenguin.com> > >ClamAV is basically useless. > ClamAV helps a little with the unofficial sigatures. The operative word here is "a little". I find that the unofficial signatures that are good at actually catching bad stuff have extremely high FP rates, while the less-aggressive unofficial signatures don't catch that much. > The best thing to do is block as much as you can at the MTA > level with Postscreen and RBL weights like Reindl posted, > greylisting, SMTP helo checks, etc. That's a fine solution for spam, but not for malware that can end up costing you or your customer huge amounts of money. You absolutely must use a content-scanning technique to block the malware, though of course the comparatively-cheap up-front tests can reduce the flow substantially. Regards, Dianne.