Hi,

On 01.05.2017 at 19:19, Kris Deugau wrote:
>
> With third-party sets, you could walk through the signature names, and
> build some local scripting to split the datasets as you please - I've
> started to do this locally.

Basically that is what I tried. Maybe I just looked at the wrong places. Could you give me a hint where to put my fingers?

To get an idea what I currently do in my email-server:

1) checking for spam with SpamAssassin, including some DNSBL and other external resources for such things; so I am quite sure I caught everything "bad" from this perspective
2) checking the hash of all attachments against VirusTotal; so I am quite sure I got all already known malware
3) checking against a local instance of ClamAV and submitting all reports to VirusTotal

The point is now: I don't like to report files with spam to VirusTotal because it is senseless and a waste of resources.

Here are the scripts I wrote for that purpose, just in case someone is interested:

https://github.com/nobswolf/procmail2virustotal

I just think it is a good thing to keep spam and viruses separated. So at least the databases of ClamAV should get a kind of "flag" whether they catch the one kind or the other. This would make it easier for post-processing scripts to decide what to do with the results.

What do you think?

nobs

_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
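
The split by signature name discussed in this message, as an added example; it is not part of the original post or of the linked procmail2virustotal scripts. It parses `clamscan`-style `FOUND` lines and keeps only detections that look like malware for reporting. The token list, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Assumed name tokens that mark a spam/phishing signature. This list is
# illustrative, not ClamAV's; adjust it to the signature sets you load.
SPAM_TOKENS = {"spam", "junk", "phish", "phishing", "scam"}

# clamscan reports a hit as "<path>: <signature name> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_clamscan(lines):
    """Yield (path, signature) for every FOUND line; skip OK/summary lines."""
    for line in lines:
        m = FOUND_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("sig")


def classify(signature):
    """Return 'spam' or 'malware' based on the parts of the signature name."""
    parts = re.split(r"[.\-_]", signature.lower())
    return "spam" if SPAM_TOKENS.intersection(parts) else "malware"


def files_to_submit(lines):
    """Paths whose detection is classed as malware, i.e. worth reporting."""
    return [p for p, sig in parse_clamscan(lines) if classify(sig) == "malware"]


# Constructed sample output; paths and signature names are made up.
SAMPLE = [
    "/tmp/mail/att1.doc: Win.Trojan.Example-1234 FOUND",
    "/tmp/mail/body.eml: Example.Junk.5678.UNOFFICIAL FOUND",
    "/tmp/mail/att2.pdf: OK",
    "/tmp/mail/link.html: Example.Phishing.Bank-42 FOUND",
]

if __name__ == "__main__":
    for path, sig in parse_clamscan(SAMPLE):
        print(f"{classify(sig):8} {sig:32} {path}")
    print("submit:", files_to_submit(SAMPLE))
```

Anything the token list does not recognise falls into the malware class, so an unknown naming scheme leads to an extra report rather than a missed one.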
