[04:39] <gbell> Do you guys run AV on your ubuntu machines?
[04:43] <blahdeblah> gbell: yes, but only for incoming mail
[05:14] <gbell> ClamAV?
[05:14] <gbell> @blahdeblah ClamAV?
[05:14] <meetingology> gbell: Error: "blahdeblah" is not a valid command.
[05:15] <blahdeblah> gbell: just use names; no @ needed
[05:15] <blahdeblah> gbell: And yes, ClamAV :-)
[05:30] <gbell> blahdeblah: Last dodgy attachment I ran through ClamAV came up blank.  AV is so technically challenging - they run virtual machines - that I don't know how an OS project could measure up.
[05:31] <blahdeblah> Totally true; I believe VirusTotal has an API nowadays; it would be worth checking out whether there are any filters for postfix/spamassassin which allow checking of file hashes against its API (similar to razor/pyzor, but for AV rather than spam)...
[05:32] <gbell> file hashes don't work with modern viruses that mutate.
[05:32] <blahdeblah> and yet VirusTotal is still a useful and viable service
[05:33] <gbell> Don't you upload the entire binary to VirusTotal?
[05:33] <blahdeblah> They recently added hash checking via API, I believe
[05:39] <gbell> Interesting... you can send a hash to 'rescan' a file (I guess that just means getting the results again).  https://www.virustotal.com/en/documentation/public-api/
[05:39] <gbell> My Win7 Virtualbox instance just got infected today.  First time ever.  I'm hoping they didn't crawl my SMB shares (linux host) and infect other stuff.
[05:41] <bradm> gbell: Sophos has a linux agent, at $WORK[-1] we had exim piping things through it first before delivery.  not sure how feasible that is for home though, no idea on pricing.
[05:41] <bradm> https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx
[05:42] <bradm> there you go, free.
[05:45] <blahdeblah> bradm: That might even be worth having a play with
[05:45] <bradm> blahdeblah: my knowledge on how it runs is several years old, so I couldn't comment on how good it is these days, but it's free, what could you lose other than time?
[05:46] <bradm> you could probably even run both clamav and sophos via spamassassin or something, not sure how well the free version plays with others though
[05:46] <blahdeblah> gbell: Do you know anything about the infection vector on your Win7 box?  One thing we used to do at $job - 1 was run an AV filter on the local squid proxy; it had surprisingly little impact, and still picked up quite a few drive-by downloads.
[05:47] <blahdeblah> bradm: I use amavis, and that definitely supports setups like that
[05:47] <bradm> blahdeblah: depends on how well the sophos agent does integration I guess
[05:48] <blahdeblah> pretty sure it's supported out of the box with amavis
[05:49] <bradm> that's great then, should work nicely.
[05:50] <bradm> ah, they want name and email details to download it
[05:51] <blahdeblah> understandable; they need to be able to spam you, right? :-)
[05:58] <bradm> totally.
[06:24] <gbell> blahdeblah: yeah, downloaded/installed 7zip, resedit and chromium today.  I think it was one of the first two.
[06:28] <gbell> oh, fun, the 7zip I downloaded (from their site) shows up on Virustotal:  https://www.virustotal.com/en/file/543457ec106a47cf74e0f6f84a40acefcc5d0faee909266745008fa9ab3a5681/analysis/  Could be a false-positive... the names of the malware are different than what MS Security said I had (Win32/Hadsruda!bit)
[06:32] <gbell> Correction. resedit, not 7zip.
[07:27] <blahdeblah> gbell: Malware names vary quite a lot from vendor to vendor