Hi there, On Sat, 12 Apr 2008 Dennis Peterson wrote:
> [snip] leaves us with no means to evaluate the message further if > ClamAV is to be a go no-go tool. A work-around is to not use ClamAV > as a go no-go tool and evaluate every message further regardless of > the presence of a virus. I'd prefer to not do that. I would like to > evaluate certain image and scam messages further, though, and of > course the way to do that is to disable that kind of filtering in > ClamAV. And I'd prefer to not do that, too. I'd like all the tools > to contribute to the score of a message and make the go no-go > decision on that score. I'd like all the tools to contribute to the > score of a message and make the go no-go decision on that score. [snip] Have I missed something here? In some situations a simple go/no-go from ClamAV might not be The Right Answer, but I don't see that it's necessary to prevent ClamAV from scanning for any particular type of characteristic to get a better fit to your needs. ClamAV can accept all messages but report its findings. The findings are inserted into the message headers. So you can process the message, and all headers, including those which have been added, using tools capable of scoring, further manipulating headers, content, etc. etc. until you reach some kind of conclusion about it. If necessary you could change the text descriptions of variously undesirable patterns in the ClamAV database to make routing through subsequent tools easier. Sure, it might be a pain, but then I think that might well describe everything we discuss on this List. :( I use MIMEDefang for this sort of more complex mail processing, it's flexible but a little chubby for some situations. There, depending on the headers found, the relatively lightweight 'chainmail' milter adds recipients to incoming mail, and subsequently different milters are called (or the same milters are called but they behave differently) depending on the recipients. Using features to do things for which they weren't designed is a pleasing improvisation. :) -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
