[Mimedefang] RE: [Clamav-users] suspicious classification resulting in false postives
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Fri Sep 9 12:16:47 EDT 2005
Chris Gauch wrote:
> We are currently running ClamAV (0.86.2) in a Linux Sendmail (8.13.4)
> and MIMEDefang (2.53)
> our logs indicate that over 86 attachments have been
> flagged as "suspicious" by ClamAV 0.86.2 over the past couple of
> days. We're beginning to wonder how many of those "suspicious"
> attachments were actually legit Microsoft documents. Any insight or
> investigation into this issue would be greatly appreciated. Thanks.
MIMEDefang has a "suspicious characters in headers" check. This is unrelated to ClamAV.
A frequently-made customization to mimedefang-filter is to change action_discard to action_bounce for suspicious characters. That at least takes care of false positives. YMMV.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
More information about the MIMEDefang
mailing list