Paul wrote: > On 13 Jun 2008 at 13:12, GrayHat wrote: > >> I've been using for some time now the ClamAV sigs >> from sanesecurity http://www.sanesecurity.com/clamav/ >> (along with the regular ClamAV sigs) and all I can say >> is that they really ROCK adding those sigs helps ASSP >> flagging and rejecting incoming Phish mail (but also >> image and pdf spam) > > Agreed, but the term 'sanesecurity sigs' often includes > the MSRBL sigs which by default are downloaded by the > scripts available on the site.
Incorrect, you have to explicitly add anything other than the saneSecurity sigs. > The MSRBL sigs are much more experimental and have > caused problems, so disable these if you really mustn't > have false positives or a corrupt database. I haven't had a problem with the MSRBl-SPAM sigs. The MSRBL-Images sigs did give me a few false positives back in the day but since they split the lists in April 07 i haven't had a problem. >> and in my experience the rate of false-positives is ZERO > > Mine too for the genuine SS sigs - not so for MSRBL. > > Incidently, has anyone here had experience of any of the > other independent clamav signature sources? I've had the VX sigs loaded for a while but they never flagged anything as far as i remember. Are there others aside from the sane/VX/MSRBL sigs? Kevin ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
