On Thu, 16 Oct 2003, Stefan Schoeman wrote: > I was wondering what it would take to add another database to ClamAV > (something like spam.db) that could also be used in scanning for spam. I
Just FYI, you could do this with MIMEDefang too (you can do it with perl, so you can do it with MIMEDefang...). It should be relatively easy depending on your knowledge of perl. You could use Digest::SHA1 to get a sha1sum of every image/* file attachment. You would know that's an image/* type attachment by either checking the mime type that MD has for each attachment ($type) or by using File::MMagic to check the magic file type (good when the mime type in an e-mail is bogus). Then set it to see if the sha1sum is in a DB_File database you have in /var/spool/MD-Quarantine (or anywhere else readable and writeable by 'defang'). If it is in the database, set a global variable (who's default is 0) like $inspamimagedb = 1, then in filter_end() where the SA routines are: $score += 100 if $inspamimagedb; When you get a new spam that has an image in it, save it to a file. Write a perl script (also using Digest::SHA1 and DB_File) to add the sha1sum of that file to the database. It wouldn't be major, but this setup may actually require less load on your system because you'd only be checking image attachments, vs. scanning every e-mail and every attachment in it with clamd using the contents of viruses.db, viruses.db2, and your spam image database. Then again, generating a sha1sum of every image may add load, depending on how many images come through your mail server... Jason -- Jason Englander <[EMAIL PROTECTED]> 394F 7E02 C105 7268 777A 3F5A 0AC0 C618 0675 80CA ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
