>> Given that a large proportion of the Sanesecurity sigs detect spam, >> phishing, and other junk >> mail (and folks use them as such), wouldn't it be useful to include a >> standard spam test >> signature by default? > > It seems to be very controversial if ClamAV should include signatures > for other things than classic malware. Why not have some kind of > classification of the signatures and let us control what we download > via Freshclam?
Hi, Just to clear up any confusion: 1) GTUBE isn't in ClamAV official signatures 2) GTUBE isn't in Sanesecurity signatures but later *may* have a separate Sanesecurity distributed gtube.ndb file that people can specify to use, probably not by default. 3) Sanesecurity signatures aren't available by freshclam 4) classification... a) Offical sigs: could be news soon: "We are in the process of streamlining our signatures names (we will have an announcement soon)" Source: http://www.gossamer-threads.com/lists/clamav/users/57914#57914 b) Sanesecurity... most database names reflect what type of stuff it's going to block. Phish.ndb confusingly though.. does block malware and phishing but the signature names DO reflect what it hasblocked. rogue.hdb does block *very* new malware received.. if you want to know more about the current databases: http://sanesecurity.com/usage/signatures/ If people want different classifications/GTUBE support on Sanesecurity sigs, we can discuss on the Sanesecurity list, so it's not polluting things here. Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
