What about spamassassin? Wouldn't spamassassin and its databases not be the better way? I made good experiences with spamassassin on my mail servers.
My configuration was a little bit weired, I admit. As I was using spamassassin and clamav together, it was very effective. Note, that I never used amavis, which most people are using this way. In my configuration besides of strict postfix rules, I piped everything first through spamassassin (with bogofilter and all the other good stuff), and then what was not rejected by spamassassin through clamav - directlly from spamassassin's output into clamav input - no amavis. This worked very well after a good learning phase. But I guess, you are doing this already. If so, just aplogize my noise. Happy hacking! Hans > Spam e-mails like these that contain a zip with a windows executable > can easily be blocked based on file extension using the foxhole rules > for clamav (http://sanesecurity.com/foxhole-databases/). And clamav > can probably also be used to automatically clean the bug archive of > such messages. > > > Kind regards, > > Jeroen Dekkers