Using ClamAV to find spam
mailscanner at eltofts.homelinux.com
Fri Aug 3 00:44:20 IST 2007
Scott Silva wrote:
> Andy Wright spake the following on 8/2/2007 4:09 PM:
>> Brent Addis wrote:
>>> Try the clamav spamassassin plugin. If your spam scores high enough it
>>> shouldn't be virus scanned and won't scew your stats.
>>> has an example about halfway through the comments at the bottom.
>>> From: mailscanner-bounces at lists.mailscanner.info on behalf of Andy Wright
>>> Sent: Fri 3/08/2007 10:42 a.m.
>>> To: mailscanner at lists.mailscanner.info
>>> Subject: Using ClamAV to find spam
>>> Hi list,
>>> I've enabled the "ClamAV Full Message Scan" option and installed the
>>> sanesecurity sigs. Clam is nicely finding loads (and loads... and
>>> loads...!) of spam, but of course is causing all these messages to be
>>> tagged as Virused. This is making my MailWatch screen a sea of red and
>>> skewing the stats such that I appear to be receiving loads of viruses
>>> instead of spam.
>>> Is it possible to get MailScanner to look at the report from ClamAV and
>>> determine if the message is really spam rather than virused ?
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> Support MailScanner development - buy the book off the website!
>> Hi Brent,
>> thanks for the suggestion, although I'm reluctant to add yet more
>> plugins - most of the spams are already being scored at 20+ (how high
>> does this have to get before virus scanning is skipped?)
>> I guess what I'm after is a way for MailScanner to handle things
>> differently if the return from ClamAV is "Email.*, Html.*" etc Now that
>> Clam seems to be more than just a *virus* finder might it make sense for
>> MailScanner to look more closely at the returned result ? Maybe an
>> excuse for Julian to up the options well beyond the 300 mark ?!
> AFAIK all their signatures give sanesecurity in their responses. Maybe an
> option to look for this and just give spam scores.
> For me, I don't really care right now what stops them, as long as it doesn't
> go to the users. Maybe later if I start reporting ratios to someone, I might.
Most do, but there are a few along the lines of "Email.Phising.RB-1221"
I do report results to clients so this would be a nice thing to be able
More information about the MailScanner