Wow, that looks perfect! I'll give it a go.
Thanks Thomas.

James.

On 30/05/2009, at 7:35 PM, Thomas Eckardt/eck wrote:

> Hi James,
>
> I've looked at the code, and what you want to do should be possible with
> the current code. The only thing you need to know is the returned string
> from ClamAV.
> Since 2.0.0_16.... the 'SuspiciousVirus' is a 'weighted' regex (signed by
> the two ** in GUI).
>
> -----------------
> Fields marked with an additional asterisk (**) accept a second weight
> value separated by => from the regular expression. For example:
> spammer=>1.45 . The multiplication result of the weight and the penaltybox
> valence value will be used for scoring, if the absolute value of weight is
> less or equal 6. Otherwise the value of weight is used for scoring.
> -----------------
>
> Set 'SuspiciousVirus' to your needs. For example:
>
> Worm65=>2|eicar=>0|Sanesecurity\.SpamImg\.14=>1.5|winnow\.malware\.37=>3|Sanesecurity\.Lott\.34=>1|Sanesecurity\.Junk\.20=>35|Sanesecurity\.Junk\.\d+=>10
>
> ASSP processes the matches from left to right. Use the exact matches
> first and those with wildcards after (see
> Sanesecurity\.Junk\.20=>35|Sanesecurity\.Junk\.\d+=>10)
>
> Do not forget to escape dots (.) !
>
> Thomas
>
>
> James Brown <[email protected]>
> 29.05.2009 01:26
> Please reply to: ASSP development mailing list <[email protected]>
> To: ASSP development mailing list <[email protected]>
> Cc:
> Subject: [Assp-test] ClamAV - set scoring/reject based on virus database FP risk
>
> I use ASSP v2 with ClamAV and the additional virus/phish/spam
> databases on the SaneSecurity web site.
>
> Some of these third party databases have higher risk of False
> Positives than others.
>
> It would be good if ASSP's behaviour on detecting such a 'virus' was
> able to be based on the database's risk factor. This risk factor is
> listed on:
>
> Sanesecurity's ClamAV - Phishing and Scam/Spam Signatures
>
> For example, I would like to be able to block any message that matches
> a pattern from a database with Low FP risk, and give different Penalty
> Box scores if it matches any of the Med or High risk databases.
>
> These third party databases greatly reduce the amount of spam that has
> to be processed, but the fear of FPs makes me nervous about using them
> in a blocking mode.
>
> Thanks,
>
> James.

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
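
The weighted matching described in Thomas's reply, as an added Python model (not ASSP's own code and not part of the thread): it applies the quoted rule string left to right and uses the "absolute value less or equal 6" rule to decide between a multiplier and an absolute score. The function names, the valence of 50, the ClamAV result strings, case-insensitive unanchored matching, a default weight of 1, and splitting on top-level `|` are all assumptions made for this example.

```python
import re

# Rule string from the thread, exact match before the wildcard rule.
SUSPICIOUS_VIRUS = (
    r"Worm65=>2|eicar=>0|Sanesecurity\.SpamImg\.14=>1.5|"
    r"winnow\.malware\.37=>3|Sanesecurity\.Lott\.34=>1|"
    r"Sanesecurity\.Junk\.20=>35|Sanesecurity\.Junk\.\d+=>10"
)

def parse_rules(spec):
    """Split 'regex=>weight|regex=>weight' into ordered (regex, weight) pairs.

    Assumption: alternatives are separated by '|' at the top level only,
    and a rule without '=>' gets a weight of 1.
    """
    rules = []
    for part in spec.split("|"):
        pattern, sep, weight = part.rpartition("=>")
        if not sep:
            pattern, weight = part, "1"
        # Assumption: matching is case-insensitive and unanchored.
        rules.append((re.compile(pattern, re.IGNORECASE), float(weight)))
    return rules

def score(clamav_name, rules, valence):
    """Return (matched pattern, score) for the first rule that matches."""
    for regex, weight in rules:
        if regex.search(clamav_name):
            # |weight| <= 6: multiplier of the penalty box valence.
            # Otherwise the weight itself is the score.
            value = weight * valence if abs(weight) <= 6 else weight
            return regex.pattern, value
    return None, 0.0

if __name__ == "__main__":
    rules = parse_rules(SUSPICIOUS_VIRUS)
    # Constructed ClamAV result strings and a constructed valence of 50.
    for name in ("Sanesecurity.Junk.20.UNOFFICIAL",
                 "Sanesecurity.Junk.311.UNOFFICIAL",
                 "winnow.malware.37.UNOFFICIAL",
                 "Eicar-Test-Signature"):
        print(name, score(name, rules, valence=50))
```

In this model the patterns are unanchored, so `Sanesecurity\.Junk\.20` also matches a name such as Sanesecurity.Junk.200; check each rule against the full string ClamAV returns before relying on it for blocking.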
