Hi

Like a lot of users, I suspect, I use ClamAV to search within archives for generic filename patterns (or other characteristics) specified in a .zmd file. Like some, I use clamdscan through amavis and rescore some types of hits that conceivably might be a false positive as a number of spam points.

Unfortunately the .zmd/.rmd file appears to take precedence over particular signatures, so the archive rules hit *instead of* detection of, for example, a specific Zeus variant.

I'm all for minimising CPU usage where possible, but actually in combination with SpamAssassin this situation of having generic detection first rather than an immediate quarantine can require more CPU. Security is of course more of a priority, and also the current behaviour makes it harder to find samples that aren't detected by the current signatures.

Is it possible to configure ClamAV to only do the archive .zmd/.rmd tests after other more specific tests pass OK? I was wondering whether to file this as an RFE.

Thanks

CK
