Dear all,
I'm currently running clamav + amavisd-new for some time, and having read through the arguments on notification here:-
http://lists.clamav.net/lurker/thread/20040922.180416.24842818.en.html
I decided to enforce this notification policy in amavisd-new (slight modification from amavisd-new's default setting):-
1. Anything matching 'Worm' in clamav scan result: discard them, no notifications sent. 2. Default (other malware not matching the above name): notify sender.
Relevant parts in amavisd.conf:- $final_virus_destiny = D_BOUNCE; @viruses_that_fake_sender_maps = (new_RE( qr'Worm'i, # worms as labeled by ClamAV ));
Is this reasonably accurate, i.e. is it safe to assume in general that any clamav identified virus that matches 'Worm' does in fact forge the sender address? Anyone else have better notification rules they can share?
Thanks in advance.
--mendonan "Yang mimpikan secangkir kopi panas dengan selimut.." (Dreaming of a cup of hot coffee, and a blanket..") _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
