I could be wrong, but my impression has always been that ClamAV signatures 
target only Malware and Phishing, while Spam detection is all done using 
UNOFFICIAL sigs.

Sent from Janet's iPad

-Al-
-- 
Al Varnell
Mountain View, CA

On May 10, 2017, at 10:11 PM, nobs wrote:
> Hi,
> 
> On 01.05.2017 at 19:19, Kris Deugau wrote:
>> 
>> With third-party sets, you could walk through the signature names, and
>> build some local scripting to split the datasets as you please - I've
>> started to do this locally.
> 
> Basically that is what I tried. Maybe I just looked at the wrong places.
> Could you give me a hint where to put my fingers?
> 
> To get an idea what I currently do in my email-server:
> 
> 1) checking for spam with SpamAssassin, including some DNSBL and other
> external resources for such things; so I am quite sure I caught
> everything "bad" from this perspective
> 
> 2) checking the hash of all attachments against VirusTotal; so I am
> quite sure I got all already known malware
> 
> 3) checking against a local instance of ClamAV and submit all reports to
> VirusTotal
> 
> The point is now: I don't like to report files with spam to VirusTotal
> because it is senseless and a waste of resources.
> 
> Here are the scripts I wrote for that purpose, just in case someone is
> interested:
> 
> https://github.com/nobswolf/procmail2virustotal
> 
> I just think it is a good thing to keep spam and viruses separated. So
> at least the databases of ClamAV should get a kind of "flag" whether
> they catch the one kind or the other. This would make it easier for
> post-processing scripts to decide what to do with the results.
> 
> What do you think?
> 
> nobs
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
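
The post-processing split discussed in this thread (walking the signature names and deciding per detection whether a file is worth reporting) can be sketched as follows. This is an added example, not code from the thread or from procmail2virustotal. The token lists and the sample report lines are constructed assumptions; only the `<path>: <name> FOUND` report format and the `.UNOFFICIAL` suffix on third-party signature names are ClamAV behaviour.

```python
import re

# clamscan/clamdscan report line: "<path>: <signature name> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumption: name tokens used by spam-oriented third-party sets.
# Tune these against the signature sets actually installed.
SPAM_TOKENS = {"spam", "junk", "scam"}
PHISH_TOKENS = {"phish", "phishing"}
SUFFIX = ".UNOFFICIAL"


def classify(sig):
    """Return (category, unofficial) for one detection name."""
    unofficial = sig.endswith(SUFFIX)
    base = sig[:-len(SUFFIX)] if unofficial else sig
    tokens = {t.lower() for t in re.split(r"[._-]", base) if t}
    if tokens & PHISH_TOKENS:
        return "phishing", unofficial
    if tokens & SPAM_TOKENS:
        return "spam", unofficial
    # Unknown names default to malware so nothing harmful is dropped.
    return "malware", unofficial


def triage(report_lines):
    """Map each detected path to its category and a submit decision."""
    results = {}
    for line in report_lines:
        m = FOUND_RE.match(line.strip())
        if not m:
            continue  # "OK" lines, scan summary, blank lines
        category, unofficial = classify(m["sig"])
        results[m["path"]] = {
            "signature": m["sig"],
            "category": category,
            "unofficial": unofficial,
            "submit": category != "spam",  # skip spam-only hits
        }
    return results


# Constructed sample report lines (paths and names are illustrative).
SAMPLE = [
    "/var/spool/scan/a.eml: Sanesecurity.Spam.1234.UNOFFICIAL FOUND",
    "/var/spool/scan/b.zip: Win.Trojan.Agent-1234567 FOUND",
    "/var/spool/scan/c.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND",
    "/var/spool/scan/d.txt: OK",
]

if __name__ == "__main__":
    for path, info in triage(SAMPLE).items():
        print(path, info["category"], "submit" if info["submit"] else "skip")
```
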
