Re: Milter and ClamAV

From: Richard Stevenson (richard_at_endace.com)
Date: 07/01/04

  • Next message: Chris: "Re: Milter and ClamAV" 
    Date: Thu, 1 Jul 2004 13:22:03 +1200
To: Eric Crist <ecrist@secure-computing.net>

    On Wed, 30 Jun 2004, Eric Crist wrote:

    > I've just installed ClamAV with Milter support. I was wondering how I
    > would go about adding a signature at the bottom of outgoing mail to
    > indicate that it has been scanned?

    I wouldn't bother, for two reasons:

    1. Clamav-milter adds a couple of X- headers to the message, saying it
         was scanned. This is what was in your message:

         X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72
                 on grog.secure-computing.net
         X-Virus-Status: Clean

    2. I'm not aware of any general way to add a note to the bottom of any
         message, unless you ban all multipart messages and/or attachments from
         passing through your system. Your users/customers might complain
         about that ;)

    Personally, I think the idea of such a signature is just a "feel-good"
    thing and doesn't actually add anything other than a false sense of
    security. Depending on how often you update your virus DB files, and
    which virus it is, a message containing a virus may get through the
    scanning without detection. For example, I've got a copy of
    W32.Spybot.Worm sitting on my disk that clamav doesn't pick up, even
    though I submitted it to them when I first received a copy of it, several
    weeks ago. Norton/Symantec, Trend, and F-Prot all detect the virus and
    try to delete/quarantine the file.

    If you really want to go ahead and do this, read the clamav-milter manpage
    and look for --signature-file. Personally, I see no value in it.

    Regards

    Richard 

    -- 
Richard Stevenson
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
  • Next message: Chris: "Re: Milter and ClamAV"

    Relevant Pages

    • Re: Milter and ClamAV
      ... > would go about adding a signature at the bottom of outgoing mail to ... That's less intrusive than the "scanned-by" signature. ...
      (freebsd-questions)
    • Re: cDc prepares user-friendly stego app!
      ... > scan the webpage for stegged content using your signature and password. ... > it is more likely to have a virus -- which is simply stupid. ... > about a bunch of lies and innuendo just because you can. ...
      (comp.security.misc)
    • Re: Swen annoyances to everyone: wakeup call
      ... LiveUpdate on 9/19 and 9/20 it indicated no new signature ... >| many mail delivery failure messages can infect you. ... The Sobig.F virus was eventually (after ... >| Sobig.F (or the related mail delivery failure messages). ...
      (microsoft.public.security)
    • Re: Antivirus
      ... ceased to be amazed at the attitude some Windows users seem to have. ... call me in desperation upon having one of those programs let a virus through. ... signature, and hopefully you weren't infected by then. ... And you are at the whims of what the AV vendor defines as a threat. ...
      (Ubuntu)
    • Re: Obtaining a "Faux Virus"?
      ... virus but doesn't act like a virus ... That string was designed for exactly that purpose. ... and most AV programs will have the signature in their ... Dustin Cook [Malware Researcher] ...
      (alt.comp.anti-virus)