[Mimedefang] Score Clamav Results

Jeff Grossman jeff at stikman.com
Wed May 20 20:33:55 EDT 2009


On 5/20/2009 4:58 PM, Jonas Eckerman wrote:
> Jeff Grossman wrote:
>
>> I am starting to use some third party clamav virus databases and would
>> like to score the results instead of just delete the e-mail which 
>> contains
>> a hit.
>
>
> I'm doing this in a different way. I have to instances of clamd running.
>
> One instance is only running official signatures and have phishing 
> detection turned off, doesn't consider broken zip files as virii, etc. 
> This is used by mimedefang-filter.
>
> The other instance have some third party signature databases added, 
> has phishing detection on, considers triggers on more stuff than the 
> first instance. This instance is used by the SpamAssassin clamav 
> plugin so it contributes to SA scores.
>
>
> I did it in the way you suggests before, but I find this way easier 
> since now I don't have to keep up with the signature namings.
>
>
This is a very interesting way to handle it.  I am going to think about 
it and see if it is something I would be able to figure out.  It 
definitely sounds like it make the maintenance side of things a lot 
easier.  Not having to worry about new signature names, etc.

Thanks for the information.

Jeff



More information about the MIMEDefang mailing list