> > > > The milter I use records the name and time of the found virus/phishing > > file > > in a table. I sort out two lists based on names. > > So, if one particular phish signature is listed in the official ClamAV > database, and is also listed in the user maintained database (phish.ndb), > which one take listing precedence when the message is flagged and logged, > the official sig entry or the user maintained sig entry? > > Bill
I made the executive decision to assume the official list was used first, and if the exploit was not found then subsequent lists were used. If this is true then the report would favor the official list. I'd be pretty disappointed to learn that other lists are checked after a positive was found. Crazier things have happened, tho. I don't doubt there are overlaps in what the lists cover. dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
