> > >> BTW, how do you make the stats? Do you run two seperate clamd > > >> instances, one with official databases and the other one with Steve's > > >> sigs only? > > >> > > > > > > The milter I use records the name and time of the found virus/phishing > > > file > > > in a table. I sort out two lists based on names. > > So, if one particular phish signature is listed in the official ClamAV > > database, and is also listed in the user maintained database (phish.ndb), > > which one take listing precedence when the message is flagged and logged, > > the official sig entry or the user maintained sig entry? > > There is no rule because ClamAV treats all loaded signatures with the > same priority. That's why doing such stats with a single clamd instance > may lead to false results. >
That shoots my executive decision all to hell. :) Bottom line is, it works pretty well, and I wasn't too happy in the beginning about using an AV tool for this kind of problem. I've since experimented with using it on those pesky image files in messages that contain little other useful info. It kinda works, but then I discovered MSRBL's list, so I'm taking advantage of it instead. dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
