[Mimedefang] MIMEDefang with ClamAV & third party signatures
Ronald Nissley
ronn at emm.org
Mon Feb 23 18:36:16 EST 2009
Has anyone bothered to come up with a way to distinguish between "FOUND"
results from clamd? In addition to ClamAV's virus signatures, we use
third party signatures from Sanesecurity, MSRBL, SecuriteInfo and
MalwarePatrol. We don't really want to give the same weight to positive
results for at least some of the third party signatures. The filter
currently discards anything with a positive/FOUND result from ClamAV.
For now, we trust ClamAV's signatures and want to continue discarding,
but for some of the third party signatures (esp. phishing/spam
-related), we would prefer to quarantine or perhaps delete all
recipients then resend_message to a postmaster-monitored mailbox. I'm
guessing this is fairly trivial, but I'm trying to determine the
cleanest path: mimedefang-filter and/or mimedefang.pl? If you have
already done something similar and wouldn't mind sharing, I would be
very grateful.
Thank you,
Ronald Nissley
More information about the MIMEDefang
mailing list