Clamav .95 (available in Freebsd Ports), and appears to be upward compatible with amavisd-new...
Has added a new set of signatures, based on Google's 'safebrowsing' feature. (on google, you go where you arn't supposed to go via a google lookup, and they warn you) This same set of url's is available from clamav if you enable them. http://www.clamav.net/support/faq-safebrowsing so, I think. adding this to amavisd.conf will use score any email that has one of these url's in it +10 points, right? go from: @virus_name_to_spam_score_maps = (new_RE( [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 10 ], [ qr'^(Email|Html)\.Malware\.Sanesecurity\.' => 10 ], [ qr'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.' => 10 ], # [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc) # (\.[^., ]*)* \.Sanesecurity\.'x => 0.1 ], [ qr'^Safebrowsing\.' => 10 ], [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 6 ], )); to: @virus_name_to_spam_score_maps = (new_RE( [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 10 ], [ qr'^(Email|Html)\.Malware\.Sanesecurity\.' => 10 ], [ qr'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.' => 10 ], # [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc) # (\.[^., ]*)* \.Sanesecurity\.'x => 0.1 ], [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 6 ], )); who is using it this way, or are you using X-Amavis-AV-Status and *.cf rules to score them? debugging: log_level needs to be 2 to find these, right? The log can now show entries like: amavis[26733]: (26733-03-2) Turning AV infection into a spam report: score=0.1, AV:HTML.Phishing.Auction-289=0.1 and, if using the *.cf rules, I suppose something like: header L_AV_SAFEB_Spam X-Amavis-AV-Status = ~m{\b(Email|Html)\.Safebrowsing(\.[^., ]*)\.}m score LV_AV_SAFEB 5 -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _________________________________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
