[Mimedefang] ClamAV + SaneSecurity signatures

Kris Deugau kdeugau at vianet.ca
Thu Sep 18 12:30:34 EDT 2014

Nels Lindquist wrote:
> I've been thinking of experimenting with some of the additional ClamAV
> signatures distributed by SaneSecurity in an attempt to beef up
> malware detection a bit.
> Has anyone done much on this front?  If so, what's your experience?
> Given the way that ClamAV is used in a typical MD setup, I'm really
> only interested in malware detection; I'd prefer to leave phishing,
> spam, etc. detection to SpamAssassin for aggregate scoring rather than
> an all-or-nothing detect and drop policy.

*nod*  That's been my view as well, so on systems that call both I've
set up the ClamAV check to watch for Heuristics.* hits and flag the
message rather than rejecting it right away (as with most other ClamAV
hits).  Further down, after SA has had a go, I take the returned score
and add some points if the flag from earlier is set before finally
deciding if the message was spam or not.

No reason you couldn't do that with any other subset of either native or
third-party ClamAV signatures.


More information about the MIMEDefang mailing list