[clamav-users] clamav-users Digest, Vol 150, Issue 19
Reindl Harald
h.reindl at thelounge.net
Fri Jun 2 13:20:54 UTC 2017
Am 02.06.2017 um 08:12 schrieb Al Varnell:
> On Wed, May 31, 2017 at 11:44 PM, Reindl Harald wrote:
>>
>> why i am so emotional about this topic?
>>
>> because *THAT ISSUE* i originally registered on this list and *you* recommended at http://lists.clamav.net/pipermail/clamav-users/2016-July/003111.html "You must disable Heuristics using clamd.conf and clamscan options" while all you guys which recommend that not realizing that it would disable safebrowsings too and so CLAMAV IS BROKEN BY DESIGN as long nobody either makes that crap whitelisteable with ign2-files, removes it completly or make a switch *only* diable that crap without other heuristics
>
> Yes, I remember that very well.
>
> Looks like ClamAV may be taking some action on it, hopefully sooner than later.
>
> In the meanwhile, have you tried using a local.sfp file containing whitelisted pairs?
>
> You could either fill it with "M" records for each pair, e.g.
> M:http://epl.paypal-communication.com/:www.paypal.com
>
> or a Regex formatted "X" record for multiple country codes, e.g.
> X:.+\.paypal-communications\.(de|fr|it|at|ca|be|ch|nl|pl|es|co\.uk|com|com\.(au|cn|hk|my|sg))([/?].*)?:(.+\.)?paypal\.(at|be|ca|ch|co\.uk|de|es|fr|ie|in|it|nl|ph|pl|com|com\.(au|cn|hk|my|sg))([/?].*)?
i solved it with 2 different clamd instances with different scores and a
self-fixed spamassassin-clamav-plugin which don't have it's stuff
hardcoded and supports more then one instance because when we start to
block leigt customer mail i have a red flag and to solve that
*instantly* and not months or years later
More information about the clamav-users
mailing list