From: Wayne Sierke
To: krad, Olivier Nicole
Cc: questions@freebsd.org
Subject: Re: Anti-virus for FreeBSD
Date: Wed, 23 Mar 2016 16:31:54 +1030
Message-ID: <1458712914.1578.37.camel@au.dyndns.ws>

On Tue, 2016-03-22 at 09:07 +0000, krad wrote:
> Other than that clamav
> is good enough.

I'm curious as to whether that's an objective or subjective view?

I've got clam-av set up on a couple of mail boxes scanning incoming messages and find a worrying amount of viral content still gets through. Even after submitting false-negative reports, manual tests conducted (days!) later have failed to detect them.

To be fair, some of that also fails to be detected initially by commercial AV scanners on MS Windows. However, in one instance, for example, one AV provider had an update deployed and distributed less than two hours after they were notified.

I've submitted suspect attachments to the Virus-Total web site to find that it was already submitted previously, sometimes long ago, and clam-av is listed with a negative detection result.