@AI For Phishing Only, ClamAV uses Heuristics scanning ?
On 11 May 2017 at 11:10, Al Varnell <[email protected]> wrote: > I could be wrong, but my impression has always been that ClamAV signatures > target only Malware and Phishing, while Spam detection is all done using > UNOFFICIAL sigs. > > Sent from Janet's iPad > > -Al- > -- > Al Varnell > Mountain View, CA > > On May 10, 2017, at 10:11 PM, nobs wrote: > > Hi, > > > > Am 01.05.2017 um 19:19 schrieb Kris Deugau: > >> > >> With third-party sets, you could walk through the signature names, and > >> build some local scripting to split the datasets as you please - I've > >> started to do this locally. > > > > Basically that is what I tried. Maybe I just looked at the wrong places. > > Could you give me a hint where to put my fingers? > > > > To get an idea what I currently do in my email-server: > > > > 1) checking for spam with SpamAssassin, including some DNSBL and other > > external ressources for such things; so I am quite sure I catched > > everything "bad" from this perspective > > > > 2) checking the hash of all attachments against VirusTotal; so I am > > quite sure I got all already known malware > > > > 3) checking against a local instance of ClamAV and submit all reports to > > VirusTotal > > > > The point is now: I don't like to report files with spam to VirusTotal > > because it is senseless and a wast of resources. > > > > Here are the scripts I wrote for that purpose, just in case someone is > > interested: > > > > https://github.com/nobswolf/procmail2virustotal > > > > I just think it is a good thing to keep spam and viruses separated. So > > at least the databases of ClamAV should get a kind of "flag" whether > > they catch the one kind or the other. This would make it easier for > > post-processing scripts do decide what to do with the results. > > > > What do you think? > > > > nobs > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
