[clamav-users] disabling a database
nobs
nobs at nobswolf.info
Thu May 11 05:11:40 UTC 2017
Hi,
On 01.05.2017 at 19:19, Kris Deugau wrote:
>
> With third-party sets, you could walk through the signature names, and
> build some local scripting to split the datasets as you please - I've
> started to do this locally.
Basically that is what I tried. Maybe I just looked at the wrong places.
Could you give me a hint where to put my fingers?
To get an idea what I currently do in my email-server:
1) checking for spam with SpamAssassin, including some DNSBL and other
external resources for such things; so I am quite sure I caught
everything "bad" from this perspective
2) checking the hash of all attachments against VirusTotal; so I am
quite sure I got all already known malware
3) checking against a local instance of ClamAV and submit all reports to
VirusTotal
The point is now: I don't like to report files with spam to VirusTotal
because it is senseless and a waste of resources.
Here are the scripts I wrote for that purpose, just in case someone is
interested:
https://github.com/nobswolf/procmail2virustotal
I just think it is a good thing to keep spam and viruses separated. So
at least the databases of ClamAV should get a kind of "flag" whether
they catch the one kind or the other. This would make it easier for
post-processing scripts to decide what to do with the results.
What do you think?
nobs
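
Added example, not part of the message above or of the procmail2virustotal scripts: one way a post-processing script could split ClamAV detections by signature name so that only malware-class hits are reported onward. The set of spam name components, the function names and the sample signature names are assumptions.

```python
import re

# Assumption: name components that mark a spam-class signature. Tune this
# set to the third-party databases you actually load.
SPAM_COMPONENTS = {"spam", "junk", "phishing", "scam"}

# clamscan/clamdscan report one detection per line as "<path>: <name> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_detections(scan_output):
    """Return [(path, signature_name), ...] for every FOUND line."""
    hits = []
    for line in scan_output.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def classify(signature):
    """Return 'spam' or 'malware' based on the dotted signature name."""
    name = signature
    # Signatures from non-official databases carry this suffix.
    if name.endswith(".UNOFFICIAL"):
        name = name[: -len(".UNOFFICIAL")]
    components = {part.lower() for part in name.split(".")}
    return "spam" if components & SPAM_COMPONENTS else "malware"


def files_to_report(scan_output):
    """Paths worth submitting to a malware service: malware-class hits only."""
    return [p for p, sig in parse_detections(scan_output) if classify(sig) == "malware"]


# Constructed sample output; the paths and signature names are made up.
SAMPLE = """\
/tmp/att/invoice.doc: Win.Trojan.Agent-1234567 FOUND
/tmp/att/offer.html: ExampleSet.Junk.12345.UNOFFICIAL FOUND
/tmp/att/login.html: ExampleSet.Phishing.Bank.77.UNOFFICIAL FOUND
/tmp/att/notes.txt: OK
"""

if __name__ == "__main__":
    for path, sig in parse_detections(SAMPLE):
        print(classify(sig), path, sig)
    print("report:", files_to_report(SAMPLE))
```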