Sanesecurity ClamAV sigs are back. Yay!

Julian Field MailScanner at ecs.soton.ac.uk
Fri Jan 23 21:35:30 GMT 2009



On 23/1/09 15:38, Alex Broens wrote:
> On 1/23/2009 4:22 PM, Jonas Akrouh Larsen wrote:
>> I've not used Sanesecurity so far, because it messes up statistics and
>> generally makes it less transparent why a mail was blocked.
>>
>> My problem is I don’t want my system to list a mail as a virus if it's
>> "just" a spam or phishing attack.
>>
>> Am I alone with these concerns or has anybody found a "fix" for it?
>>
>> I am using the newest MailScanner and MailWatch versions.
>>
>> I'd love to improve my protection with Sanesecurity but not at the
>> cost of making my spam/virus stats useless.
>
> agreed, it's very confusing to users why an image spam or a 419 
> suddenly shows up as "infected"
So don't deliver "infected" email at all, just drop it with the "Silent 
Viruses = All-Viruses" setting. Then they never see it and don't worry 
about it.
>
>> Let me know what you think.
>
> Not tested under heavy load but ClamAVPlugin allows you to tag with ClamAV 
> results and let SA do its usual work.
>
> If you're using Clam as only AV, dunno how wise it is, but if you have 
> a commercial scanner in place to take care of the real viri, then 
> ClamAVPlugin could possibly give you the extra control/stats.
> You could even score depending on descriptions, etc.
>
> See:
> http://wiki.apache.org/spamassassin/ClamAVPlugin
>
>
> Alex

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

