[Mimedefang] clamav-unofficial-sigs and pyzor

Dianne Skoll dfs at roaringpenguin.com
Mon Sep 19 08:36:06 EDT 2016


On Mon, 19 Sep 2016 07:46:11 +0200
Marcus Schopen <lists at localguru.de> wrote:

> my be a little bit off topic, but are there any experience with the
> efficiency of pyzor and clamav-unofficial-sigs [1].

No comment on pyzor because I don't use it, but some of the
clamav-unofficial-sigs are useful.  We use the following data sets:

   phish.ndb
   rogue.hdb
   sanesecurity.ftm
   winnow_malware.hdb
   winnow_malware_links.ndb

We find the others have unacceptably-high false-positive rates, and
even the ones above occasionally get a bad signature that produces annoying
false-positives.

Regards,

Dianne.



More information about the MIMEDefang mailing list