Kris Deugau wrote:
From the problems I'm having with supposedly malformed signatures, it
looks like there's an effective complexity limit; from the problems in
*matching* a signature that's finally been found to be acceptable, it
looks like there's a (lower) limit on what Clam can actually use in
matching.
Any suggestions on what I might be doing wrong?
Not to change the direction on you, but you might want to take advantage
of the work Steve Basford is doing at
http://www.sanesecurity.com/clamav/ for phishing problems, and also look
at http://www.msrbl.com/site/stats for image and spam solutions. Both
sites are providing excellent results on systems I'm running. The
patterns are downloadable and very up to date. I've not had a single
complaint of false positives, and the number of patterns provided is
quite large.
Steve has also written a very useable how-to for creating these patterns.
dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html