Sanesecurity ClamAV sigs are back. Yay!

Julian Field MailScanner at
Fri Jan 23 21:35:30 GMT 2009

On 23/1/09 15:38, Alex Broens wrote:
> On 1/23/2009 4:22 PM, Jonas Akrouh Larsen wrote:
>> I've not used sanesecurity so far, because it messes up statistics and
>> generally make it less transparent why a mail was blocked.
>> My problem is I don’t want my system to list a mail as a virus if its 
>> "just"
>> a spam or phishing attack.
>> Am I alone with these concerns or have anybody found a "fix" for it?
>> I am using newest mailscanner and mailwatch versions.
>> I'd love to improve my protection with sanesecurity but not at the 
>> cost of
>> making my spam/virus stats useless.
> agreed, its very confusing to users why an image spam or a 419 
> suddenly shows up as "infected"
So don't deliver "infected" email at all, just drop it with the "Silent 
Viruses = All-Viruses" setting. Then they never see it and don't worry 
about it.
>> Let me know what you think.
> Not tested under heavy load but ClamAVPlugin allows to tag with ClamAV 
> results and let SA do its usual work.
> If you're using Clam as only AV, dunno how wise it is, but if you have 
> a commercial scanner in place to take care of the real viri, then 
> ClamAVPlugin could possibly give you the extra control/stats.
> You could even score depending on descriptions, etc.
> See:
> Alex


Julian Field MEng CITP CEng
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list