As I said in the original post "I inherited this system and have no idea where to start looking." So I either figure out how to *add* a commercial product to the existing system or figure out how to integrate the commercial product without ClamAV.
the very first thing i would do is make 100% sure that the operating system that is running the mail server and the rest is UP TO DATE and a current version of the OS
it would do no good if it were say.... RHEL4.9
or a not licensed version of RHEL 5 or 6
or what ever os that this is
once up to date
then contact a for pay like Norton or trend or whom ever about running their product on your server
most have a linux version that will run on linux to LOOK for Microsoft viruses IN THE MAIL
but MS viruses do not run on a linux OS -- they can not .
and a running squid ISD on a up to date OS is VERY safe
if RHEL 5 or 6 have SE enabled and set to ENFORCING
but if your boss WANTS to through cash in the trash can ...........
you DO know that NO and i do mean NO av software will detect better than about 25 % on a unknown virus
The problem is that in this particular instance it took two days for ClamAV to update their signature files after I submitted an example
very odd ?
Normally they are FASTER at getting out a NEW sig for a NEW virus
you say that freshclam runs in a cron job every 30 min. ( over kill )
daily or twice daily would do
and you DO have the clam daemon service RESTARTING after EVERY update
so for every 30 min
freshclam is ran
then the daemon is ALSO restarting