[clamav-users] ClamAV reputation rating

Al Varnell alvarnell at mac.com
Thu Jun 27 22:11:14 UTC 2019 

The OP is going to have to explain more fully, but I took the question as does ClamXAV consider any reputation ratings that are made by the e-mail systems through which a message transits which are often expressed as spam or malware scores in the header information.

As I said earlier, I believe that consideration of such information is normally accomplished by the user's e-mail reader client or the e-mail ISP's server.

-Al-

On Thu, Jun 27, 2019 at 07:51 AM, Joel Esler (jesler) via clamav-users wrote:
> The short answer is "No".  ClamAV does not do reputation ratings, unless you are talking about a scale of not malicious, heuristic, PUA, and full on malicious.
> 
> But there is not a reputation system, no.  
> 
>> On Jun 26, 2019, at 7:25 PM, Epicon Elysium via clamav-users <clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>> wrote:
>> 
>> Thank you all for your response.
>> 
>> We're building a PaaS where everything runs on Linux. As part of the security requirements, we have to deploy Antivirus as well. We chose ClamAV in this case. One of the requirement in terms of Antivirus is that we should enable reputation rating. The environment itself is pretty static once deployed. There's no email traffic in/out. It's just application traffic through WAF/ModSecurity. The files itself on the OS level are pretty static. So the ClamAV is used to scan the filesystem. So basically, I think it's just reputation rating on the files if any.
>> 
>> If it doesn't have it, is there any plugins/tools that can be used to achieve that? I haven't checked that PolicyD yet.
>> 
>> Many thanks,
>> Ray
>> 
>> On Mon, Jun 24, 2019 at 11:21 PM Simon Hobson <linux at thehobsons.co.uk <mailto:linux at thehobsons.co.uk>> wrote:
>> Epicon Elysium via clamav-users <epicon.elysium at gmail.com <mailto:epicon.elysium at gmail.com>> wrote:
>> 
>> > Does ClamAV support in enabling the reputation rating? Seems I couldn't find any info when searching for it. There's nothing mentioned in the config file as well.
>> 
>> AIUI no, it doesn't have anything for that.
>> However, a very common setup is use AMaViS to scan mail, with ClamAV as just one of the tools it uses - the other tools can include things like reputation rating (eg sender real-time blacklists and so on).
>> You might also want to have a look at PolicyD (aka Cluebringer) which brings other tools to the party - such as greylisting and quotas.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190627/5c2d682f/attachment.htm>

More information about the clamav-users mailing list