I've switched from AVG File Server to ClamWin + Sanesecurity, Now It seems ok, I have to examine for false negatives, maybe I need to exclude some signatures.
Here are the results for 9 hours of Sanesecurity: Passed msg: 912 Viruses detected: 446 Spam msg: 5523 AVG File Server was really really bad, it has detected less than 10 viruses per day. On Mon, May 23, 2016 at 7:29 PM, Bill Cole < sausers-20150...@billmail.scconsult.com> wrote: > On 21 May 2016, at 12:31, Dianne Skoll wrote: > > On Sat, 21 May 2016 12:28:48 -0400 >> "Bill Cole" <sausers-20150...@billmail.scconsult.com> wrote: >> >> On 20 May 2016, at 7:07, Dianne Skoll wrote: >>> >> >> Sorry for the non-easy answer. Doing it properly requires a >>>> non-trivial amount of coding. >>>> >>> >> I do not recall doing any real coding at all to get a steady trickle >>> of log messages like this (regarding mail NOT from Amazon): >>> >> >> May 4 01:30:05 bigsky mimedefang.pl[43619]: 3r067J5jjjz1ZYGsV: >>> MDLOG,3r067J5jjjz1ZYGsV,Reject: Bad >>> Filename,ORDER-067-8958800-7459411.zip,application/zip,< >>> auto-shipp...@amazon.com>,<red...@scconsult.com>,Your >>> Amazon.co.uk order has dispatched (#067-8958800-7459411) >>> >> >> Well, yes, if it's feasible to block all zip files, then it is >> trivial. However, that's not an option for us. :) >> > > Well, that particular system is one where I have extraordinary powers of > persuasion over all of the handful of users, but elsewhere where my > authority is less absolute I've found that providing easily used > alternative means of receiving files more safely makes it easier to crank > down on email constraints that paying customers would otherwise not > tolerate. One wave of mail-borne ransomware can be a persuasive experience > as well for customers who are reluctant to ask senders to do anything > "special" to send them files of suspect types, although obviously that's a > somewhat random event. >