Mark Martinec wrote the following on 3/21/2007 12:51 PM -0800:
> Bill,
>
>
>> I like the artificial header idea. If you could at least make it an
>> optional flag that would be great. Would be nice to be able to add a
>> few SA points if ClamAV detects phish, image, scam, etc., messages,
>> otherwise it doesn't make much sense to use the additional ClamAV
>> signature files provided by SaneSucurity and MSRBL.
>>
>
> You already have the ability (with 2.5.0-pre3) to add score points
> based on phish, image, scam, etc., the only reason why one would
> like to have an artificial header field passed to SA is to be
> able to have all the rules in one place (local.cf), and perhaps
> for Bayes to see this information.
>
Ah, my misunderstanding, thanks for the clarification, that would meet
my needs just fine.
> Nevertheless, it can't hurt to provide this ability. One has then
> a choice to adjust scores either in the @virus_name_to_spam_score_maps
> in amavisd.conf, or by providing rules to match on the artificial
> X-Amavis-AV-Status header field, which will be seen by SA only
> (not in passed or quarantined mail).
>
> The following patch to 2.5.0-pre3 provides it:
>
> --- amavisd.orig Mon Mar 12 21:51:24 2007
> +++ amavisd Wed Mar 21 20:33:05 2007
> @@ -1353,5 +1353,9 @@
>
> @virus_name_to_spam_score_maps =
> - (new_RE( [qr'^(?:Email|HTML)\.Phishing\.'i => 14] ));
> + (new_RE( [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 0.1 ],
> + [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc)
> + (\.[^.]*)* \.Sanesecurity\.'x => 0.1 ],
> + [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 0.1 ],
> + ));
>
> # prepend a lookup table label object for logging purposes
> @@ -16973,4 +16977,6 @@
> push(@lines, sprintf("X-Amavis-OS-Fingerprint: %s\n",
> sanitize_str($os_fp))) if $os_fp ne '';
> + push(@lines, sprintf("X-Amavis-AV-Status: %s\n",
> + sanitize_str($msginfo->spam_status))) if $msginfo->spam_status ne
> '';
> my($pbpath) = c('policy_bank_path');
> push(@lines, sprintf("X-Amavis-PolicyBank: %s\n",$pbpath)) if $pbpath ne
> '';
>
>
> The above just adds 0.1 score point for each match, but turns off infection
> flag
> regardless of the actual value on the RHS. The idea is to provide additional
> score points by SA rules below.
>
> The following rules may be placed in local.cf:
>
> header L_AV_Phish X-Amavis-AV-Status =~ m{\b(Email|HTML)\.Phishing\.}i
> header L_AV_SS_Phish X-Amavis-AV-Status =~
> m{\b(Email|Html)\.Phishing(\.[^.]*)*\.Sanesecurity\.}
> header L_AV_SS_Scam X-Amavis-AV-Status =~
> m{\b(Email|Html)\.(Scam[A-Za-z0-9]?)(\.[^.]*)*\.Sanesecurity\.}
> header L_AV_SS_Spam X-Amavis-AV-Status =~
> m{\b(Email|Html)\.(Spam|Hdr|Bou|Stk|Loan|Cred|Job|Dipl|Doc)(\.[^.]*)*\.Sanesecurity\.}
> header L_AV_SS_Hdr X-Amavis-AV-Status =~
> m{\b(Email|Html)\.Hdr(\.[^.]*)*\.Sanesecurity\.}
> header L_AV_SS_Img X-Amavis-AV-Status =~
> m{\b(Email|Html)\.(Img|ImgO)(\.[^.]*)*\.Sanesecurity\.}
> header L_AV_MSRBL_Img X-Amavis-AV-Status =~ m{\bMSRBL-Images/}
> header L_AV_MSRBL_Spam X-Amavis-AV-Status =~ m{\bMSRBL-SPAM\.}
>
> score L_AV_Phish 14
> score L_AV_SS_Phish -3
> score L_AV_SS_Scam 6
> score L_AV_SS_Spam 6
> score L_AV_SS_Hdr 3
> score L_AV_SS_Img 3
> score L_AV_MSRBL_Img 3
> score L_AV_MSRBL_Spam 6
>
>
That's one of the biggest reasons why I love Amavisd-New, you always
make your best effort to accommodate reasonable requests, if possible.
Thanks again!
Bill
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
