Sanesecurity ClamAV sigs are back. Yay!
ms-list at alexb.ch
Fri Jan 23 15:38:46 GMT 2009
On 1/23/2009 4:22 PM, Jonas Akrouh Larsen wrote:
> I've not used sanesecurity so far, because it messes up statistics and
> generally make it less transparent why a mail was blocked.
> My problem is I don’t want my system to list a mail as a virus if its "just"
> a spam or phishing attack.
> Am I alone with these concerns or have anybody found a "fix" for it?
> I am using newest mailscanner and mailwatch versions.
> I'd love to improve my protection with sanesecurity but not at the cost of
> making my spam/virus stats useless.
agreed, its very confusing to users why an image spam or a 419 suddenly
shows up as "infected"
> Let me know what you think.
Not tested under heavy load but ClamAVPlugin allows to tag with ClamAV
results and let SA do its usual work.
If you're using Clam as only AV, dunno how wise it is, but if you have a
commercial scanner in place to take care of the real viri, then
ClamAVPlugin could possibly give you the extra control/stats.
You could even score depending on descriptions, etc.
More information about the MailScanner