nobswolf wrote:

Hello,

I just added virus support by ClamAV to my email-server. I am almost
satisfied. It already caught some "zero days".

But I'd like to separate the detection of junk from the detection of
malware. So I'd like to disable the junk detection in ClamAV.

I commented out the Jurl-DB and I tried "PhishingScanURLs false". I
restarted the service. But still it detects spam:

Sanesecurity.Jurlbl.5ac7a2.UNOFFICIAL FOUND

Both Sanesecurity (and several other third-party signature sets) and the
upstream stock signatures mix actual malware with
almost-certainly-unwanted-but-not-actually-malware signatures.

With third-party sets, you could walk through the signature names, and
build some local scripting to split the datasets as you please - I've
started to do this locally.

The other thing you might consider is to modify whatever calls ClamAV to
handle different "viruses" in different ways.

For instance, I've recently set up a secondary Clam instance with both
an extract of third-party signatures, and a handful of local signatures,
to be called from and scored in SpamAssassin instead of called directly
and treated as an absolute yes/no result.

-kgd
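
One way to do the per-signature handling suggested in the reply above, as an added example (not code from the thread or from ClamAV): a small Python filter that reads ClamAV result lines and rejects on malware but only scores on junk. Only the `Sanesecurity.Jurlbl.` prefix comes from the thread; the other prefixes, the function names and the three dispositions are assumptions.

```python
import re

# Name prefixes treated as junk/spam rather than malware. Only
# "Sanesecurity.Jurlbl." comes from the thread; the others are assumed
# examples. Build the real list by walking your own signature names.
JUNK_PREFIXES = (
    "Sanesecurity.Jurlbl.",
    "Sanesecurity.Junk.",   # assumed
    "Sanesecurity.Spam.",   # assumed
)

# clamscan/clamd report a hit as "<source>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<source>.*): (?P<sig>\S+) FOUND$")


def parse_hit(line):
    """Return the signature name from one result line, or None if no hit."""
    m = FOUND_RE.match(line.strip())
    return m.group("sig") if m else None


def classify(signature):
    """Map a signature name to 'junk' or 'malware'.

    Anything not explicitly listed as junk is treated as malware, so an
    unknown or renamed signature fails closed.
    """
    # Third-party signatures carry a trailing ".UNOFFICIAL" marker.
    name = signature.removesuffix(".UNOFFICIAL")
    return "junk" if name.startswith(JUNK_PREFIXES) else "malware"


def disposition(result_lines):
    """Decide what the calling mail filter should do with a message."""
    kinds = {classify(s) for s in map(parse_hit, result_lines) if s}
    if "malware" in kinds:
        return "reject"      # hard yes/no result
    if "junk" in kinds:
        return "score"       # hand to the spam filter as a weighted hint
    return "accept"


if __name__ == "__main__":
    # Constructed sample output; the signature is the one quoted above.
    sample = ["stream: Sanesecurity.Jurlbl.5ac7a2.UNOFFICIAL FOUND"]
    print(disposition(sample))
```

Because unlisted names default to malware, a signature set that renames its junk family causes over-blocking rather than letting malware through as mere spam.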
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users