[clamav-users] Why are the ClamAV team so slow at creating signatures ?

Webmaster webmaster at securiteinfo.com
Tue Oct 7 01:21:10 EDT 2014


> Speaking of SecuriteInfo, is the "High Risk" label deserved
> for the spam_marketing signatures?  Have used all the others
> in the Securite list but that one.

Yes, spam_marketing.ndb has high level of false positive. Why ? Because it 
focuses french spam/marketing/private selling/special offers/and mailling lists 
I haven't subscribe. It also targets scam from Africa or Asia, and other kind 
of emails my customers don't want. But some of my customers *wants* to receive 
these kind of emails (gasp!).

You can use .ign signatures to suit your needs, or don't use 
spam_marketing.ndb at all. It is up to you. Give it a try by offline scanning 
your mailboxes and see by yourself what is detected. If you believe some 
signatures are generating too many false positives, please contact me off list. 
Maybe spam_marketing.ndb needs tuning after all.

Me and my (french) customers are pretty happy with spam_marketing.ndb. They 
have a very few spam passing through.

Other signature files I provide have a very low false positive rate.

Best regards,

Arnaud Jacques

More information about the clamav-users mailing list