Re: [gentoo-dev] [infra] Anti-spam changes: removal of malware patrol and other older ClamAV rules
On 2020-09-11 15:09, Robin H. Johnson wrote:
> Hi,
>
> As a result of a recent high-impact [1] false positive spam detection in
> Gentoo mail, we've disabled using the MalwarePatrol ruleset in Clamav
> for spam detection for all inbound mail to @gentoo.org
>

All of these services produce killer false positives eventually. If you're using amavisd-new, you can score them instead of rejecting outright:

  @virus_name_to_spam_score_maps = (new_RE(
    [ qr'^MBL_.*' => 4.0 ],
  ));

That doesn't totally fix the problem, but if the message is otherwise pristine (no blacklists, etc.) then a MalwarePatrol hit won't be fatal.
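As an added illustration (not part of either message, and not amavisd-new's code), the following Python sketch models the score-instead-of-reject idea from the reply above. The 6.9 kill level, the sample signature names and the base scores are constructed, and the rules that any unmapped name keeps the message infected and that the highest mapped score is added are this sketch's assumptions.

```python
import re

# Ordered (pattern, score) pairs, mirroring the one-entry map in the reply above.
# A name that matches no entry is still treated as a real virus detection.
SCORE_MAP = [(re.compile(r"^MBL_.*"), 4.0)]

KILL_LEVEL = 6.9  # assumed spam score at which mail is blocked


def score_for(name, score_map=SCORE_MAP):
    """Return the score of the first matching entry, or None if nothing matches."""
    for pattern, score in score_map:
        if pattern.search(name):
            return score
    return None


def verdict(scanner_names, base_spam_score, score_map=SCORE_MAP, kill=KILL_LEVEL):
    """Classify one message as 'clean', 'spam' or 'infected' and return its score."""
    scores = [score_for(n, score_map) for n in scanner_names]
    # Assumption: one unmapped signature is enough to keep the virus verdict.
    if any(s is None for s in scores):
        return "infected", base_spam_score
    # Assumption: the highest mapped score is added to the other spam checks.
    total = base_spam_score + (max(scores) if scores else 0.0)
    return ("spam" if total >= kill else "clean"), total


# Constructed samples: (description, scanner names, score from all other checks)
SAMPLES = [
    ("pristine mail, MBL false positive", ["MBL_0000001"], 0.3),
    ("already spammy mail, MBL hit", ["MBL_0000001"], 3.5),
    ("MBL hit plus an unmapped signature", ["MBL_0000001", "Example.Trojan.Test"], 0.3),
    ("no scanner hit", [], 0.3),
]

if __name__ == "__main__":
    for desc, names, base in SAMPLES:
        status, total = verdict(names, base)
        print(f"{desc:36s} -> {status:8s} (score {total:.1f})")
```

The second sample shows why the reply says this does not totally fix the problem: a false positive on mail that already carries a few spam points is still blocked.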
[gentoo-dev] [infra] Anti-spam changes: removal of malware patrol and other older ClamAV rules
Hi,

As a result of a recent high-impact [1] false positive spam detection in Gentoo mail, we've disabled using the MalwarePatrol ruleset in Clamav for spam detection for all inbound mail to @gentoo.org

All other old rulesets that haven't seen an update in more than 1 year were also cleaned out, as they seem to be no longer available upstream or explicitly no longer updated.

[1] Notably, MalwarePatrol's basic subscription got an entry matching any mail with "https://docs.google.com" in it, which ended up blocking some mail about GSOC payments this year. Upstream MalwarePatrol provides minimal workarounds for that only: see "False positives" on: https://www.malwarepatrol.net/non-commercial/

--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136