Why so few viruses picked up by ClamWall??

[quote user="pbeddy"]

Thanks. I do appreciate the feedback, Thomas.

While I do not want to be lulled into a false security, it is reassuring to compare notes. I wonder how long it will take the virus authors to pick up on this measure and make their "products" "graywall-compliant"?

[/quote]

Not all that long, I suspect; they are already delivering directly to the MX host in an attempt to bypass Graywall. The problem for them is that the addition of the retry does make it more expensive in time to deliver the mail. It might even make it easier for the operator of the "Zombied" machine to detect something is going on with their system. The real point is that you still need something scanning the mail for viruses; the fact that Graywall blocks some is just an added extra.


I am up-to-date with ClamWall (clamav-091-1) and FreshClam. I have also installed the additional ClamSup signatures to detect phishing messages. According to the logs, all is well.

My observation: MANY phishing messages have been intercepted and quarantined. HOWEVER: it has been days since it picked up a genuine virus (Worm.Mydoom.I found 8 days ago) - and this with an average of about 1100 messages actually being received each day, after Graywalling.

Can it be that the transport mechanism used by virus-infected PCs is also vulnerable to the Graywall concept?

Any similar observations by other users?


Very similar to my experience. I very seldom catch any viruses at all, and based on testing with various other anti-virus software it looks like I'm not getting all that many either. I've not found one that got through ClamD. It of course might be that I'm simply not getting all that many viruses.

 


Thanks. I do appreciate the feedback, Thomas.

While I do not want to be lulled into a false security, it is reassuring to compare notes. I wonder how long it will take the virus authors to pick up on this measure and make their "products" "graywall-compliant"?


 


My experience is similar - there is little virus traffic around at the moment.

Also, on my site, some malware is already defeating Greylisting and getting through.
