[Mimedefang] clamav-unofficial-sigs and pyzor

Marcus Schopen lists at localguru.de
Mon Sep 19 02:48:59 EDT 2016


Hi Richard,

Am Montag, den 19.09.2016, 01:23 -0500 schrieb Richard Laager:
> On 09/19/2016 12:46 AM, Marcus Schopen wrote:
> > my be a little bit off topic, but are there any experience with the
> > efficiency of pyzor and clamav-unofficial-sigs
> 
> We use clamav-unofficial-sigs. If clamd triggers, it's a hard fail for
> us, regardless of whether it was a virus or spam rule. We do
> differentiate them for logging and SMTP rejection messages.
> 
> I can't say how much spam would have been blocked anyway by later
> processing (e.g. SpamAssassin), but we have very few (but non-zero over
> the years) false positives. And in our filter, whitelisting does not
> bypass this test; maybe it should, but that's the current setup.

Thank you for your interesting feedback. Did you activate all signatures
or just e.g. sanesecurity sigs? I read activating all signatures turns
clamav into an evil memory monster, while only activating sanesecurity
sigs catches most and doesn't need that much resources.

What about pyzor or razor integration? Do they help or just burn
performance?

Ciao
Marcus






More information about the MIMEDefang mailing list