On Thu, 15 Apr 2010 10:20:11 -0700 (PDT) john espiro <john_esp...@yahoo.com> wrote:
> Wow, OK -- am going to go through this email now.
>
> If I receive an email from a user on my whitelist, and there is a virus, the
> email then goes to quarantine -- that's the point.
>
> But does that email affect the training? In other words, does dspam process
> that email as if it were spam in terms of the tokens and stuff, or does dspam
> not even bother processing it because there was a virus?
>
DSPAM does not bother processing it since it is a virus. The only way to force
DSPAM to learn the message would be to corpusfeed the message.

> John
>
--
Kind Regards from Switzerland,

Stevan Bajić

> ________________________________
> From: Stevan Bajić <ste...@bajic.ch>
> To: dspam-user@lists.sourceforge.net
> Sent: Thu, April 15, 2010 2:03:49 AM
> Subject: Re: [Dspam-user] Clamav response
>
> On Wed, 14 Apr 2010 16:36:33 -0700 (PDT)
> john espiro <john_esp...@yahoo.com> wrote:
>
> > Stevan was right... I just dropped in ClamAV and changed the three lines in
> > dspam.conf, and it just worked. That's 2 for 2 of things just working!
> >
> > Now, this might be a question for the clamav forum, but I thought I would
> > ask here just in case...
> >
> > My three options for ClamAVResponse are : reject, accept, spam.
> >
> > If I choose spam, the message gets marked as spam, but what if the user
> > marks it as "not spam"? The message would still get delivered with the
> > virus.
> >
> > Shouldn't there be a way to strip out the attachment and leave a note in
> > the message that clamav deleted the virus?
> >
> The problem is that ClamAV could wrongly state that a message or attachment
> is a virus. Stripping the attachment from the message would then wrongly
> remove something that is supposed to be delivered.
>
> You might think that this could never happen but it does.
>
> And ClamAV does not only scan attachments. It is able to scan images,
> JavaScript, and and and... it is virtually impossible for DSPAM to know what
> to strip out of a message.
>
> I would strongly suggest tagging virus messages as Spam and having the end
> user release it from the quarantine if she/he really thinks she/he needs
> that message.
>
> And since you are using ClamAV I strongly suggest you add additional
> signatures to ClamAV. Have a look here -> http://www.sanesecurity.co.uk/
>
> Especially this little script here -> http://www.inetmsg.com/pub/
>
> When selecting additional signatures then I would only take the low risk (and
> maybe here and there a medium risk) databases.
>
> For Sanesecurity I would take:
> doppelstern.hdb
> junk.ndb
> jurlbl.ndb
> phish.ndb
> rogue.hdb
> sanesecurity.ftm
> scam.ndb
> spamimg.hdb
> winnow_malware.hdb
> winnow_malware_links.ndb
>
> For SecuriteInfo I would take:
> honeynet.hdb
> securiteinfo.hdb
> vx.hdb
>
> For MalwarePatrol I would take:
> mbl.ndb
>
> For MSRBL I would take:
> MSRBL-SPAM.ndb
> MSRBL-Images.hdb
>
> Using the above additional signatures should +/- triple the amount of
> signatures available to ClamAV.
>
> > John
> >
> --
> Kind Regards from Switzerland,
>
> Stevan Bajić
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
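
The ClamAV hookup discussed in this thread, as an added configuration sketch that is not taken from either poster's system: the three `dspam.conf` directives with `ClamAVResponse` set to the `spam` option recommended above, plus the clamd TCP listener that DSPAM connects to. The host and port values and the loopback binding are assumptions.

```conf
# --- dspam.conf (added example; host and port values are assumptions) ---
# DSPAM hands each incoming message to the clamd daemon over TCP.
ClamAVPort      3310
ClamAVHost      127.0.0.1

# What DSPAM does when clamd reports a match:
#   reject - refuse the message with a permanent failure
#   accept - accept the message and quietly drop it
#   spam   - treat it as spam (quarantined or tagged like any other spam)
# "spam" keeps a ClamAV false positive recoverable, because the user can
# still release the message from quarantine. Per the thread, DSPAM does not
# process (learn from) a virus-flagged message; only corpus-feeding the
# message would train on it.
ClamAVResponse  spam

# --- clamd.conf (added example) ---
# clamd has to listen on the TCP endpoint named in dspam.conf. Binding it
# to loopback keeps the scanner unreachable from other hosts.
TCPSocket 3310
TCPAddr 127.0.0.1
```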