Nels Lindquist wrote:
> I've been thinking of experimenting with some of the additional ClamAV
> signatures distributed by SaneSecurity in an attempt to beef up
> malware detection a bit.
>
> Has anyone done much on this front? If so, what's your experience?
>
> Given the way that ClamAV is used in a typical MD setup, I'm really
> only interested in malware detection; I'd prefer to leave phishing,
> spam, etc. detection to SpamAssassin for aggregate scoring rather than
> an all-or-nothing detect and drop policy.

*nod* That's been my view as well, so on systems that call both I've set up the ClamAV check to watch for Heuristics.* hits and flag the message rather than rejecting it right away (as with most other ClamAV hits).

Further down, after SA has had a go, I take the returned score and add some points if the flag from earlier is set before finally deciding if the message was spam or not.

No reason you couldn't do that with any other subset of either native or third-party ClamAV signatures.

-kgd
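
The flag-then-score flow described in the reply above, sketched as a mimedefang-filter fragment. This is an added example, not code from the original post. The bonus value, the X-Spam-* header policy, the CLAMAV_SOFT_HIT tag and the `is_soft_hit` helper are assumptions, and it assumes MIMEDefang was built with clamd support.

```perl
# Fragment for mimedefang-filter (added example; values below are assumptions).
my @SOFT_HIT_PATTERNS = (qr/^Heuristics\./);  # add other signature prefixes here
my $SOFT_HIT_BONUS    = 3.0;                  # assumed points added to the SA score
my $soft_hit;                                 # ClamAV name flagged for this message

# True if a ClamAV signature name should only be flagged, not rejected.
sub is_soft_hit {
    my ($name) = @_;
    return 0 unless defined $name && length $name;
    return scalar grep { $name =~ $_ } @SOFT_HIT_PATTERNS;
}

sub filter_begin {
    my ($entity) = @_;
    $soft_hit = undef;   # filter processes are reused, so reset per message

    my ($code, $category, $action) = message_contains_virus_clamd();
    if ($category eq 'virus') {
        if (is_soft_hit($VirusName)) {
            # Heuristic hit: remember it and let SpamAssassin weigh in later.
            $soft_hit = $VirusName;
            md_syslog('info', "ClamAV soft hit $VirusName, deferring to SpamAssassin");
        } else {
            # Any other ClamAV hit keeps the all-or-nothing policy.
            md_syslog('warning', "Rejecting because of virus $VirusName");
            return action_bounce("Virus $VirusName found in message");
        }
    } elsif ($action eq 'tempfail') {
        return action_tempfail("Problem running virus scanner");
    }
}

sub filter_end {
    my ($entity) = @_;
    return if message_rejected();

    my ($hits, $req, $names, $report) = spam_assassin_check();
    return unless defined $hits;

    if (defined $soft_hit) {
        $hits  += $SOFT_HIT_BONUS;           # aggregate the ClamAV flag into the score
        $names .= ",CLAMAV_SOFT_HIT";        # hypothetical tag, not an SA rule name
    }
    action_change_header('X-Spam-Score', sprintf('%.1f (%s)', $hits, $names));
    action_change_header('X-Spam-Flag', 'YES') if $hits >= $req;
}
```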

