Hi,
after checking the decoded signature I tried to whitelist the signature
as described on your website
https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/whitelisting_clamav_signatures.shtml
One line of the decoded sig was like DECODED SIGNATURE: d o c s . g o o
g l e . c o m
(added spaces because the mail is beeing refused when it just contains
that domain name)
Google docs under general suspicion :-)
After restarting the clamav-daemon it has found another MBL_xxxxxxxxx
with the same decoded signature. I dont know how many virus names for
that domain exist. Because it can take up to a minute to check the
"virusmail" (cpu too slow?) So I better ask again if I really do have to
whitelist all the virus names one by one.
Thomas B
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
