[clamav-users] disabling a database
Kris Deugau
kdeugau at vianet.ca
Mon May 1 17:19:46 UTC 2017
nobswolf wrote:
> Hello,
>
> I just added virus support by ClamAV to my email-server. I am almost
> satisfied. It already caught some "zero days".
>
> But I'd like to separate the detection of junk from the detection of
> malware. So I'd like to disable the junk detection in ClamAV.
>
> I commented out the Jurl-DB and I tried "PhishingScanURLs false". I
> restarted the service. But still it detects spam:
>
> Sanesecurity.Jurlbl.5ac7a2.UNOFFICIAL FOUND
Both Sanesecurity (and several other third-party signature sets) and the
upstream stock signatures mix actual malware with
almost-certainly-unwanted-but-not-actually-malware signatures.

With third-party sets, you could walk through the signature names, and
build some local scripting to split the datasets as you please - I've
started to do this locally.

The other thing you might consider is to modify whatever calls ClamAV to
handle different "viruses" in different ways.

For instance, I've recently set up a secondary Clam instance with both
an extract of third-party signatures, and a handful of local signatures,
to be called from and scored in SpamAssassin instead of called directly
and treated as an absolute yes/no result.
-kgd
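
An added example, not part of the original post and not the poster's own script: one way the calling side could treat hits differently by signature name, so junk names feed spam scoring while everything else stays a hard reject. The prefix table, the action names and the sample scanner output are assumptions; only the `Sanesecurity.Jurlbl.` name comes from the thread.

```python
import re

# Assumed policy: name prefixes routed to spam scoring instead of a hard reject.
# Only "Sanesecurity.Jurlbl." appears in the thread; extend this from your own
# walk through the signature names.
JUNK_PREFIXES = ("Sanesecurity.Jurlbl.",)

# Scanner report lines look like "<path>: <signature> FOUND" or "<path>: OK".
# The greedy path group keeps filenames that themselves contain ": " intact.
LINE_RE = re.compile(r"^(?P<path>.*): (?:(?P<sig>\S+) FOUND|OK)$")
RANK = {"pass": 0, "score": 1, "reject": 2}

def classify(sig):
    """Junk only on an explicit prefix match; unknown names stay malware."""
    return "junk" if sig.startswith(JUNK_PREFIXES) else "malware"

def decide(scan_output):
    """Map each scanned path to 'reject', 'score' or 'pass'."""
    actions = {}
    for line in scan_output.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue  # summary lines, warnings, blanks
        sig = m["sig"]
        if sig is None:
            action = "pass"
        else:
            action = "reject" if classify(sig) == "malware" else "score"
        path = m["path"]
        # With several hits on one path, the strictest action wins.
        if RANK[action] >= RANK[actions.get(path, "pass")]:
            actions[path] = action
    return actions

# Constructed sample output; paths and the Example.* name are made up.
SAMPLE = """\
/spool/a.eml: Sanesecurity.Jurlbl.5ac7a2.UNOFFICIAL FOUND
/spool/b.eml: OK
/spool/c: odd.eml: Example.Local.Test-1.UNOFFICIAL FOUND
/spool/d.eml: Sanesecurity.Jurlbl.5ac7a2.UNOFFICIAL FOUND
/spool/d.eml: Example.Local.Test-1.UNOFFICIAL FOUND
Infected files: 3
"""

if __name__ == "__main__":
    for path, action in decide(SAMPLE).items():
        print(f"{action:6} {path}")
```

Names that match no junk prefix fall through to `reject`, so a newly added signature category never silently downgrades a malware hit to a spam score.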