Need help with rule set
MailScanner at ecs.soton.ac.uk
Wed Jul 29 19:47:27 IST 2009
On 29/07/2009 19:22, Jules Field wrote:
> On 29/07/2009 19:03, Mark Nienberg wrote:
>> Mark Sapiro wrote:
>>> The underlying issue is that with SaneSecurity ClamAV signatures, lots
>>> of spam gets processed as a virus and thus gets a virus notice rather
>>> than a spam or high spam action, and this postmaster address gets a
>>> lot of spam, the notices for which drown out the others.
>> I agree this is a nuisance. I deal with it by filtering mail with
>> subject "Virus Detected" into a separate folder at the local mail
>> delivery agent level. True, the folder will receive real virus
>> notifications as well as SaneSecurity detections, but that doesn't
>> bother me too much. A cronjob cleans items older than 10 days out of
>> the folder so it doesn't grow too large. If I haven't read it by
>> then it probably isn't important.
> Have you got any ideas for me to avoid this problem or work around it?
> I could look for sub-strings in the virus report and do something
> appropriate, but what?
Can someone send me the URL of a test message that is caught by ClamAV
by the Sanesecurity phishing signatures? I trap such stuff at SMTP time
myself so haven't got any examples :-(
Need some test data!
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner