Hi, > Speaking of SecuriteInfo, is the "High Risk" label deserved > for the spam_marketing signatures? Have used all the others > in the Securite list but that one.
Yes, spam_marketing.ndb has high level of false positive. Why ? Because it focuses french spam/marketing/private selling/special offers/and mailling lists I haven't subscribe. It also targets scam from Africa or Asia, and other kind of emails my customers don't want. But some of my customers *wants* to receive these kind of emails (gasp!). You can use .ign signatures to suit your needs, or don't use spam_marketing.ndb at all. It is up to you. Give it a try by offline scanning your mailboxes and see by yourself what is detected. If you believe some signatures are generating too many false positives, please contact me off list. Maybe spam_marketing.ndb needs tuning after all. Me and my (french) customers are pretty happy with spam_marketing.ndb. They have a very few spam passing through. Other signature files I provide have a very low false positive rate. Best regards, Arnaud Jacques SecuriteInfo.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
