Mark Martinec wrote the following on 3/21/2007 12:51 PM -0800: > Bill, > > >> I like the artificial header idea. If you could at least make it an >> optional flag that would be great. Would be nice to be able to add a >> few SA points if ClamAV detects phish, image, scam, etc., messages, >> otherwise it doesn't make much sense to use the additional ClamAV >> signature files provided by SaneSucurity and MSRBL. >> > > You already have the ability (with 2.5.0-pre3) to add score points > based on phish, image, scam, etc., the only reason why one would > like to have an artificial header field passed to SA is to be > able to have all the rules in one place (local.cf), and perhaps > for Bayes to see this information. > Ah, my misunderstanding, thanks for the clarification, that would meet my needs just fine. > Nevertheless, it can't hurt to provide this ability. One has then > a choice to adjust scores either in the @virus_name_to_spam_score_maps > in amavisd.conf, or by providing rules to match on the artificial > X-Amavis-AV-Status header field, which will be seen by SA only > (not in passed or quarantined mail). > > The following patch to 2.5.0-pre3 provides it: > > --- amavisd.orig Mon Mar 12 21:51:24 2007 > +++ amavisd Wed Mar 21 20:33:05 2007 > @@ -1353,5 +1353,9 @@ > > @virus_name_to_spam_score_maps = > - (new_RE( [qr'^(?:Email|HTML)\.Phishing\.'i => 14] )); > + (new_RE( [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 0.1 ], > + [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc) > + (\.[^.]*)* \.Sanesecurity\.'x => 0.1 ], > + [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 0.1 ], > + )); > > # prepend a lookup table label object for logging purposes > @@ -16973,4 +16977,6 @@ > push(@lines, sprintf("X-Amavis-OS-Fingerprint: %s\n", > sanitize_str($os_fp))) if $os_fp ne ''; > + push(@lines, sprintf("X-Amavis-AV-Status: %s\n", > + sanitize_str($msginfo->spam_status))) if $msginfo->spam_status ne > ''; > my($pbpath) = c('policy_bank_path'); > push(@lines, sprintf("X-Amavis-PolicyBank: %s\n",$pbpath)) if $pbpath ne > ''; > > > The above just adds 0.1 score point for each match, but turns off infection > flag > regardless of the actual value on the RHS. The idea is to provide additional > score points by SA rules below. > > The following rules may be placed in local.cf: > > header L_AV_Phish X-Amavis-AV-Status =~ m{\b(Email|HTML)\.Phishing\.}i > header L_AV_SS_Phish X-Amavis-AV-Status =~ > m{\b(Email|Html)\.Phishing(\.[^.]*)*\.Sanesecurity\.} > header L_AV_SS_Scam X-Amavis-AV-Status =~ > m{\b(Email|Html)\.(Scam[A-Za-z0-9]?)(\.[^.]*)*\.Sanesecurity\.} > header L_AV_SS_Spam X-Amavis-AV-Status =~ > m{\b(Email|Html)\.(Spam|Hdr|Bou|Stk|Loan|Cred|Job|Dipl|Doc)(\.[^.]*)*\.Sanesecurity\.} > header L_AV_SS_Hdr X-Amavis-AV-Status =~ > m{\b(Email|Html)\.Hdr(\.[^.]*)*\.Sanesecurity\.} > header L_AV_SS_Img X-Amavis-AV-Status =~ > m{\b(Email|Html)\.(Img|ImgO)(\.[^.]*)*\.Sanesecurity\.} > header L_AV_MSRBL_Img X-Amavis-AV-Status =~ m{\bMSRBL-Images/} > header L_AV_MSRBL_Spam X-Amavis-AV-Status =~ m{\bMSRBL-SPAM\.} > > score L_AV_Phish 14 > score L_AV_SS_Phish -3 > score L_AV_SS_Scam 6 > score L_AV_SS_Spam 6 > score L_AV_SS_Hdr 3 > score L_AV_SS_Img 3 > score L_AV_MSRBL_Img 3 > score L_AV_MSRBL_Spam 6 > > That's one of the biggest reasons why I love Amavisd-New, you always make your best effort to accommodate reasonable requests, if possible.
Thanks again! Bill ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/