On Wed, 14 Apr 2010 16:36:33 -0700 (PDT)
john espiro <john_esp...@yahoo.com> wrote:

> Stevan was right... I just dropped in ClamAV and changed the three lines in 
> dspam.conf, and it just worked.  That's 2 for 2 of things just working!
> 
> Now, this might be a question for the clamav forum, but I thought I would ask 
> here just in case...
> 
> My three options for ClamAVResponse are : reject, accept, spam.
> 
> If I choose spam, the message gets marked as spam, but what if the user marks 
> it as "not spam"?  The message would still get delivered with the virus.
> 
> Shouldn't there be a way to strip out the attachment and leave a note in the 
> message that clamav deleted the virus?
> 
The problem is that ClamAV could wrongly state that a message or attachment is 
a virus. Stripping the attachment from the message would then wrongly remove 
something that is supposed to be delivered.

You might think that this could never happen but it does.

And ClamAV does not only scan attachments. It is able to scan images, 
JavaScript, and so on... It is virtually impossible for DSPAM to know what to 
strip out of a message.

I would strongly suggest tagging virus messages as Spam and having the end user 
release the message from the quarantine if she/he really thinks she/he needs 
it.

And since you are using ClamAV, I strongly suggest you add additional 
signatures to ClamAV. Have a look here -> http://www.sanesecurity.co.uk/

Especially this little script here -> http://www.inetmsg.com/pub/

When selecting additional signatures, I would only take the low risk (and 
maybe here and there a medium risk) database.

For Sanesecurity I would take:
   doppelstern.hdb
   junk.ndb
   jurlbl.ndb
   phish.ndb
   rogue.hdb
   sanesecurity.ftm
   scam.ndb
   spamimg.hdb
   winnow_malware.hdb
   winnow_malware_links.ndb

For SecuriteInfo I would take:
   honeynet.hdb
   securiteinfo.hdb
   vx.hdb

For MalwarePatrol I would take:
   mbl.ndb

For MSRBL I would take:
   MSRBL-SPAM.ndb
   MSRBL-Images.hdb


Using the above additional signatures should +/- triple the number of 
signatures available to ClamAV.


> John
> 
-- 
Kind Regards from Switzerland,

Stevan Bajić
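
Added example, not part of the original message and not code from the DSPAM or ClamAV projects: a check that audits a ClamAV database directory against the list above, counting signatures in each recommended file and flagging third-party files that are not on the list. It assumes one signature per line with `#` lines treated as comments; the file `extra_high_risk.ndb` and all sample signature lines are constructed.

```python
import tempfile
from pathlib import Path

# Database names exactly as listed in the message above, grouped by source.
RECOMMENDED = {
    "Sanesecurity": ["doppelstern.hdb", "junk.ndb", "jurlbl.ndb", "phish.ndb",
                     "rogue.hdb", "sanesecurity.ftm", "scam.ndb", "spamimg.hdb",
                     "winnow_malware.hdb", "winnow_malware_links.ndb"],
    "SecuriteInfo": ["honeynet.hdb", "securiteinfo.hdb", "vx.hdb"],
    "MalwarePatrol": ["mbl.ndb"],
    "MSRBL": ["MSRBL-SPAM.ndb", "MSRBL-Images.hdb"],
}
OFFICIAL_SUFFIXES = {".cvd", ".cld"}  # official ClamAV containers, not audited here


def count_signatures(path):
    """Count non-blank lines, skipping '#' lines (assumed to be comments)."""
    with open(path, "r", errors="replace") as fh:
        return sum(1 for line in fh if line.strip() and not line.startswith("#"))


def audit(db_dir):
    """Return (present, missing, unlisted) for a ClamAV database directory."""
    wanted = {name for names in RECOMMENDED.values() for name in names}
    present, unlisted = {}, []
    for entry in sorted(Path(db_dir).iterdir()):
        if not entry.is_file() or entry.suffix in OFFICIAL_SUFFIXES:
            continue
        if entry.name in wanted:
            present[entry.name] = count_signatures(entry)
        else:
            unlisted.append(entry.name)  # not on the list: check its risk rating
    missing = sorted(wanted - set(present))
    return present, missing, unlisted


def demo():
    # Constructed sample directory; the signature lines are dummies.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "main.cvd").write_bytes(b"placeholder")
        (d / "phish.ndb").write_text("# header\nSample.A:0:*:aabb\nSample.B:0:*:ccdd\n\n")
        (d / "vx.hdb").write_text("0" * 32 + ":10:Sample.C\n")
        (d / "extra_high_risk.ndb").write_text("Sample.D:0:*:eeff\n")
        return audit(d)


if __name__ == "__main__":
    print(demo())
```

Pointing `audit()` at the real database directory shows which of the recommended files are actually loaded and how many signatures each contributes.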

_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
