Need help with rule set

Jules Field MailScanner at
Wed Jul 29 19:47:27 IST 2009

On 29/07/2009 19:22, Jules Field wrote:
> On 29/07/2009 19:03, Mark Nienberg wrote:
>> Mark Sapiro wrote:
>>> The underlying issue is that with SaneSecurity ClamAV signatures, lots
>>> of spam gets processed as a virus and thus gets a virus notice rather
>>> than a spam or high spam action, and this postmaster address gets a
>>> lot of spam, the notices for which drown out the others.
>> I agree this is a nuisance.  I deal with it by filtering mail with 
>> subject "Virus Detected" into a separate folder at the local mail 
>> delivery agent level.  True, the folder will receive real virus 
>> notifications as well as SaneSecurity detections, but that doesn't 
>> bother me too much.  A cronjob cleans items older than 10 days out of 
>> the folder so it doesn't grow too large.  If I haven't read it by 
>> then it probably isn't important.
> Have you got any ideas for me to avoid this problem or work around it? 
> I could look for sub-strings in the virus report and do something 
> appropriate, but what?
Can someone send me the URL of a test message that is caught by ClamAV 
by the Sanesecurity phishing signatures? I trap such stuff at SMTP time 
myself so haven't got any examples :-(
Need some test data!

Many thanks,


Julian Field MEng CITP CEng
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654