moderated Re: Virus scanning
toggle quoted messageShow quoted text
Yes scanners can catch spam/phish/malware, the trouble is that virus scanners are tuned for high detection rate because any one choosing a virus scanner will invariably choose the one with the highest detection rate.
Of course this usually equates to a high false positive rate, but no one ever tests for this, and figures for false positives are notoriously hard to find.
This can be a real pain as it often results in critical messages, for example those about SPAM, things containing copies of bad headers in the message body, things where you are trying to send samples of VBScript.
Have you tested what happens when you send innocent, but slightly malicious messages?
From: firstname.lastname@example.org <email@example.com> On Behalf Of Ken Schweizer
Sent: 21 August 2018 16:55
To: firstname.lastname@example.org; email@example.com
Subject: Re: [beta] Virus scanning
My questions are:
Will the Owners/Moderators know that a message was blocked?
Will we know how many are blocked each day?
When will it start?
Yahoo blocked messages and never notified us what, why and how many. It became a disaster not knowing.
"And if any man shall take away from the words of the book of this prophecy, God shall take away his part out of the book of life, and out of the holy city, and from the things which are written in this book." God
I've been testing virus/phishing scanning the last few weeks and I'm pretty confident that it's catching what it should. In testing, it's scanning all emails, all uploaded files and photos. And right now, if the sender is not a subscriber, it drops any emails it finds has a virus or phishing attack.
My default implementation would be to turn it on so that it blocks all emails, files and photos that it finds has a virus or phishing attempt. Do you see any reason to not do it this way?
The scanner I'm using is here: http://www.clamav.net/