Epicon Elysium <[email protected]> wrote: > There's no email traffic in/out. It's just application traffic through > WAF/ModSecurity. The files itself on the OS level are pretty static. So the > ClamAV is used to scan the filesystem. So basically, I think it's just > reputation rating on the files if any.
I'm struggling to understand what you mean by reputation rating in this context - a file is a file, and short of taking a blanket "anything ending in '.exe' fails" sort of approach, I can't see how you can apply any sort of reputation rating. If you were to try and apply a ".gif is potentially dangerous" approach, then what next ? You scan it and find it matches a malware signature - no different to just scanning it. You scan it and find that it doesn't match anything - now what ? It's scanned clean, but now you are wanting to say that it could still be harmful (just because it's a ".gif"), or it could be clean. > I haven't checked that PolicyD yet. That's for email anyway. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
