How many antivirus are recommended?
Marc Stürmer
mail at marc-stuermer.de
Tue Jun 20 10:13:12 CEST 2017
Zitat von Alex <mysqlstudent at gmail.com>:
> We all have clamav+sanesecurity, but what others are people using?
> Sophos is horrible. Hardly worth it. It doesn't scan for nearly any of
> the popular vectors now.
The truth is that all virus scanners do suck equally at preventing the
spread of new viruses at all. Because when a new wave hits the fan,
the antivirus companies first need to update their signature databases
and then you still need to download the update, which gives the bad
guys plenty of time to spread their unholy stuff like wild fire.
So having an antivirus scanner just gives some kind of protetection
against already known virus, nothing less, nothing more. It should be
always combined with rules concerning file extension filtering.
Some years ago a guy from a German University at the mail server
conference from Heinlein Academy showed some interesting diagrams on
exactly that kind of matter, he used two virus scanners on the same
system.
The setup was that the second virus scanner only fires up if the first
one doesn't have anything to complain about.
First he had Sophos as first virus scanner with Clamavd as second;
after checking his stats however he found out that Clamavd was the
superior scanner, caching more stuff and reversed his scanning cascade
order.
So taking this into account, such an email scanner even might give the
users a false sense of security cushion which in reality is not there.
The best thing still to do is to teach them on which attachments to
open and which not on their system.
More information about the amavis-users
mailing list