[clamav-users] Why are the ClamAV team so slow at creating signatures ?
Webmaster
webmaster at securiteinfo.com
Tue Oct 7 05:21:10 UTC 2014
Hi,
> Speaking of SecuriteInfo, is the "High Risk" label deserved
> for the spam_marketing signatures? Have used all the others
> in the Securite list but that one.
Yes, spam_marketing.ndb has high level of false positive. Why ? Because it
focuses french spam/marketing/private selling/special offers/and mailling lists
I haven't subscribe. It also targets scam from Africa or Asia, and other kind
of emails my customers don't want. But some of my customers *wants* to receive
these kind of emails (gasp!).
You can use .ign signatures to suit your needs, or don't use
spam_marketing.ndb at all. It is up to you. Give it a try by offline scanning
your mailboxes and see by yourself what is detected. If you believe some
signatures are generating too many false positives, please contact me off list.
Maybe spam_marketing.ndb needs tuning after all.
Me and my (french) customers are pretty happy with spam_marketing.ndb. They
have a very few spam passing through.
Other signature files I provide have a very low false positive rate.
Best regards,
Arnaud Jacques
SecuriteInfo.com
More information about the clamav-users
mailing list