I use the unofficial clamav signature update script from:
https://github.com/extremeshok/clamav-unofficial-sigs

And the resulting databases have been catching a few more spams.
However, recently I had an issue with false positives. Using the
block-report feature I'm able to allow individual mails to get to
recipients - but the sender continues to be flagged by ClamAV.

The script has a whitelist feature. Calling it with the "-w" flag and
the signature name - which is known to ASSP - allows for an override
whitelist to be created (for ClamAV) for that signature. But this is a
manual operation.

Is there an existing feature in ASSP where upon a re-send request,
whitelist add, or other appropriate time I can specify an external
script to be called with the appropriate parameters? Based on my
settings the signature is shown in the subject of the virus-flagged mail as:

"Warning - virus detected: 'MBL_<numbers here>.UNOFFICIAL'"

or shown in the block-report as:

"<date> [TLS-in] [SSL-out] <ip> <sender @> [spam found] virus detected:
'MBL_<numbers here>.UNOFFICIAL' [<original subject>]"
--
Daniel
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
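
Added example (not part of the original post, and not code from ASSP or the clamav-unofficial-sigs project): a shell helper that extracts the signature name from the two line formats quoted above and builds the "-w" call, validating the name first because those lines also carry sender-controlled text. The script file name `clamav-unofficial-sigs.sh`, the function names, the `DRY_RUN` switch and the sample lines are assumptions made for illustration; no ASSP hook that would invoke it is implied.

```shell
#!/bin/sh
# Assumption: name/path of the update script on this host.
SIGS_SCRIPT="${SIGS_SCRIPT:-clamav-unofficial-sigs.sh}"

# Constructed sample lines in the two formats quoted in the post.
SAMPLE_SUBJECT="Warning - virus detected: 'MBL_1234567.UNOFFICIAL'"
SAMPLE_REPORT="2024-01-01 [TLS-in] [SSL-out] 192.0.2.10 <a@example.com> [spam found] virus detected: 'MBL_1234567.UNOFFICIAL' [virus detected: 'x; id']"

# extract_sig LINE: print the signature named by the FIRST
# "virus detected: '...'" marker in LINE, or return 1.
# The original subject follows that marker in the block-report and is
# chosen by the sender, so later markers are ignored and the name must
# pass a strict character allowlist before it is used as an argument.
extract_sig() {
    _marker="virus detected: '"
    _quote="'"
    case $1 in
        *"$_marker"*"$_quote"*) ;;      # marker plus a closing quote
        *) return 1 ;;
    esac
    _name=${1#*"$_marker"}              # drop everything through the first marker
    _name=${_name%%"$_quote"*}          # cut at the closing quote
    case $_name in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;   # empty, option-like, or odd characters
        *.UNOFFICIAL) printf '%s\n' "$_name" ;;
        *) return 1 ;;                          # not an unofficial signature
    esac
}

# whitelist_from_line LINE: build the "-w" call for the signature in LINE.
# DRY_RUN defaults to 1 and only prints the command; set DRY_RUN=0 to run it.
whitelist_from_line() {
    _sig=$(extract_sig "$1") || {
        echo "no valid signature name in line, nothing whitelisted" >&2
        return 1
    }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s -w %s\n' "$SIGS_SCRIPT" "$_sig"
    else
        "$SIGS_SCRIPT" -w "$_sig"
    fi
}
```
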