--- Begin Message ---
Hello,

We had a report that some normal emails from a Gmail user would not
reach their destination (users in our org).

It turned out that practically all of that user's mails were classified
as virus-infected. In those mails' headers (in the quarantine) I found:

    X-Amavis-Alert: INFECTED, message contains virus:
      sigs.InterServer.net.HEX.Topline.phisher.email.fros.gmail.760.UNOFFICIAL

and in the log:

    Blocked INFECTED
      (sigs.InterServer.net.HEX.Topline.phisher.email.fros.gmail.760.UNOFFICIAL)
      {DiscardedInbound,Quarantined}

It was very strange, because some of these emails were essentially
empty, sent as test messages.

Question 1: Is there a way to disable checking for that (or any other)
specific virus signature?

Additionally, I see in the virus quarantine that a lot of mail messages
were in fact spam and not virus-infected. Obviously, everything that
clamd discards is classified as a virus; yet, some of the clamd signatures
may not target viruses but spam.

In our setup I am using extremeshok.com unofficial sigs. Some of them
may be more offensive than they should be.

Question 2: Is there a way to reduce the impact of some clamd scans by
forcing a score on such positive tests rather than directly discarding
mail based on their results?

Thanks,
Nick
--- End Message ---