[CentOS] EPEL - Clamav update?

Mon Apr 4 14:18:10 UTC 2016
Bowie Bailey <Bowie_Bailey at BUC.com>

On 4/4/2016 2:16 AM, Ned Slider wrote:
>
>
> On 03/04/16 22:10, Ireneusz Piasecki wrote:
>> On 03.04.2016 at 04:39, Rob Kampen wrote:
>>> EPEL maintainers?
>>> I note messages in the log about updated version 0.99.1 of CLAMAV
>>> being available since Mar 5th.
>>> for CentOS 6 no update is available yet.
>>> I used to use rpmforge for this package but that languished for months
>>> before updates became available and eventually stopped altogether.
>>> Is there something I can do to assist in getting this package updated?
>>> I have no idea if this is a difficult package to compile with lots of
>>> dependencies or some other complexities.
>>> In this era of constant SPAM and so many virus / trojan attempts to do
>>> harm to others, it is vital that we run this package to protect our
>>> users.
>>> Please let me know if / how I can assist.
>>> Kind regards
>>> Rob
>> Hi,
>>
>> Does clamav detect anything in this flood of e-mail viruses? My clamav
>> installation (with amavisd-new) on centos 5 with the current signatures
>> detects nothing compared to the virustotal.org antivirus - I noticed that
>> clamav signatures lag behind the top antivirus products on the market.
>>
>> Viruses in ZIP archives go through my e-mail gateway (amavisd-new+clamavd)
>> and are finally stopped by F-Secure Client Security. So, does clamav
>> defend against anything?
>>
>> Sorry for off topic.
>>
>
> That is pretty much my experience too - I've only seen the occasional 
> FP hit from ClamAV on a mail server for as long as I can remember.
>
> The latest flavour of the month seems to be .js ransomware, which goes
> undetected. I have long blocked all executable file types in amavisd
> as a matter of policy.
>
> IMHO the AV vendors lost the battle a long time ago - they simply 
> can't compete with the bad guys nor keep up with the volume and this 
> particular layer of defence is now less effective/ineffective.

Adding the Sanesecurity signatures to ClamAV greatly increases its hit 
rate.  It also has the advantage of blocking lots of phishing and spam 
garbage in addition to the viruses and malware.

http://sanesecurity.com/usage/signatures/

There are download scripts for both Linux and Windows available on the 
Sanesecurity site to keep the signatures current.

Further discussion should probably move to the clamav-users mailing list.

-- 
Bowie