[clamav-users] disabling a database

Al Varnell alvarnell at mac.com
Thu May 11 06:21:37 UTC 2017


No. A quick search reveals 2,884 signatures that contain "Phishing" and I'm sure there are others. Some are documents, some HTML, but most are e-mail. None are labeled "Heuristics", but it could be argued that some of them are.

-Al-

On Wed, May 10, 2017 at 10:44 PM, crazy thinker wrote:
> 
> @AI
> 
> For Phishing Only, ClamAV uses Heuristics scanning?
> 
> On 11 May 2017 at 11:10, Al Varnell <alvarnell at mac.com> wrote:
> 
>> I could be wrong, but my impression has always been that ClamAV signatures
>> target only Malware and Phishing, while Spam detection is all done using
>> UNOFFICIAL sigs.
>> 
>> Sent from Janet's iPad
>> 
>> -Al-
>> --
>> Al Varnell
>> Mountain View, CA
>> 
>> On May 10, 2017, at 10:11 PM, nobs wrote:
>>> Hi,
>>> 
>>> On 01.05.2017 at 19:19, Kris Deugau wrote:
>>>> 
>>>> With third-party sets, you could walk through the signature names, and
>>>> build some local scripting to split the datasets as you please - I've
>>>> started to do this locally.
>>> 
>>> Basically that is what I tried. Maybe I just looked at the wrong places.
>>> Could you give me a hint where to put my fingers?
>>> 
>>> To get an idea what I currently do in my email-server:
>>> 
>>> 1) checking for spam with SpamAssassin, including some DNSBL and other
>>> external resources for such things; so I am quite sure I caught
>>> everything "bad" from this perspective
>>> 
>>> 2) checking the hash of all attachments against VirusTotal; so I am
>>> quite sure I got all already known malware
>>> 
>>> 3) checking against a local instance of ClamAV and submit all reports to
>>> VirusTotal
>>> 
>>> The point is now: I don't like to report files with spam to VirusTotal
>>> because it is senseless and a waste of resources.
>>> 
>>> Here are the scripts I wrote for that purpose, just in case someone is
>>> interested:
>>> 
>>> https://github.com/nobswolf/procmail2virustotal
>>> 
>>> I just think it is a good thing to keep spam and viruses separated. So
>>> at least the databases of ClamAV should get a kind of "flag" whether
>>> they catch the one kind or the other. This would make it easier for
>>> post-processing scripts to decide what to do with the results.
>>> 
>>> What do you think?
>>> 
>>> nobs
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> 
>> 
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>> 
>> http://www.clamav.net/contact.html#ml
>> 

-Al-
-- 
Al Varnell
Mountain View, CA



