On Wed, 2006-03-01 at 23:01 -0600, Mar Matthias Darin wrote: > Hello, > > Matt Fretwell writes: > > > Good job I was just testing this rbl with a warn status on the > > mailserver :) > > I 've found using a warn for RBLs to be the best approach. As to the > unofficial sigs.... I'm hold off until more testings is done. I have to > question the integrity of using them in a virus scanner virsus a spam > scanner... I am open to further evaluation on this though...
I don't "trust" a spam signature as much as a virus signature. My clamav is direct on SMTP level and returns a 5xx error if you send me a virus. If I load the unofficial signatures then they will also give my mail messages a 5xx error. I would like to see more like a spamassassin plugin kind of a sollution. So ClamAV is still the AV as it is on the moment and gives away enough reason to issue a 5xx error on every email if it contains a virus. Spamassassin is called and asks ClamSA (a clam spamassassin plugin) loaded with the unofficial signatures if a given message could be a (phishing) spam message. And receive 3 or 4 out of the 5 points. This way we are safe for FP from the unofficial signatures and we get less spam in our inbox. Maurice Lucas TAOS-IT _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
