On 31 May 2017 at 11:09, Nikolaos Milas <nmi...@noa.gr> wrote:
> Hello,
>
> I am using amavis with clamav and spamassassin and I am regularly training
> for spam using the command:
>
> sa-learn --dbpath '/var/amavis/var/.spamassassin' --spam /var/amavis/reported-spam
>
> Things work fine with "pure" spam.
>
> My problem is that some highly suspicious email messages that look
> like they most probably carry infected attachments are not processed as
> spam using the above procedure in order to be blocked in the future.
>
> For example, I am training for 4 messages of which one is true spam and
> the rest are infected mails, but I only get:
>
> Learned tokens from 1 message(s) (4 message(s) examined)
>
> What should I be doing to train the system and/or its components to
> characterize such mails as "virus" (or at least "spam") and block similar
> ones in the future?

Spamassassin is not a tool for identifying or blocking viruses - see https://wiki.apache.org/spamassassin/FilteringViruses. For this you need an antivirus tool. Clamav in its standard form is pretty useless IMHO but it is rather more effective with the sanesecurity addon signatures.