Bill, > >> [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 0.1 ], > >> [ qr'^(Email|Html)\.Malware\.Sanesecurity\.' => undef], > >> [ qr'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.' => 0.1 ], > >> [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 0.1 ],
> It's setup this way because that's the way you have it shown in the > amavisd.conf-default file that comes with the distro I have it that way, because I wanted to have the: ^(Email|Html)\.Malware\.Sanesecurity\. treated as a virus, and not as a spam. The rule stands above the ^(Email|Html)(\.[^., ]*)*\.Sanesecurity\. rule, which would have matched on such name too. So my intention is to let Email|Html * .Sanesecurity be spam, except for Email|Html .Malware .Sanesecurity > If it does work then it looks like amavisd-new separates the headers > from the body...and then uses clamd to scan the body ONLY... Yes, as always, except when some decoder declares it is unable to decode, or if @keep_decoded_original_maps matches, in this case AV scanner would also see the complete mail, in addition to each decoded part. Mark ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/