[clamav-users] Automated submissions to third party databases?
G.W. Haywood
clamav at jubileegroup.co.uk
Tue Sep 3 12:15:42 UTC 2019
Hi there,

On Tue, 3 Sep 2019, Henrik K wrote:

> General comment:
>
> Using any third party rules with ClamAV is a gamble, but

Agreed. In fact I'd go further than that. Relying on something like
ClamAV is a gamble. If there's a new 0-day just out, there may be no
chance of spotting it at all. In my systems ClamAV is the last of the
filters, just a tweak in the already heavily weighted probabilities.
Of course I'm only talking about scanning mail.

> they are very good for scoring with Amavisd/Spamassassin etc. In my
> setup I don't even trust the official signatures, I just score
> everything along with SA.

While I'm very happy to trust official signatures, I do something very
similar with scores, early in the SMTP conversation. Here, under
normal circumstances, ninety-nine point some nines percent of the junk
is filtered out by nearly a dozen DNSBLs and a custom GeoIP database.
ClamAV flags something as 'FOUND' about once a year, because the other
filtering has already taken care of it before clamd even sees it.

I found SpamAssassin too complex for my liking, and it absorbed more
effort than I felt was justified by its efficacy. Using their mailing
list was a most unpleasant experience, although that was some years
ago now and things might well have improved. But I do have the luxury
of being able to write custom milters; without that, things would most
likely be different.

--
73,
Ged.