[clamav-users] Why are the ClamAV team so slow at creating signatures ?
webmaster at securiteinfo.com
Tue Oct 7 01:21:10 EDT 2014
> Speaking of SecuriteInfo, is the "High Risk" label deserved
> for the spam_marketing signatures? Have used all the others
> in the Securite list but that one.
Yes, spam_marketing.ndb has high level of false positive. Why ? Because it
focuses french spam/marketing/private selling/special offers/and mailling lists
I haven't subscribe. It also targets scam from Africa or Asia, and other kind
of emails my customers don't want. But some of my customers *wants* to receive
these kind of emails (gasp!).
You can use .ign signatures to suit your needs, or don't use
spam_marketing.ndb at all. It is up to you. Give it a try by offline scanning
your mailboxes and see by yourself what is detected. If you believe some
signatures are generating too many false positives, please contact me off list.
Maybe spam_marketing.ndb needs tuning after all.
Me and my (french) customers are pretty happy with spam_marketing.ndb. They
have a very few spam passing through.
Other signature files I provide have a very low false positive rate.
More information about the clamav-users