Am 04.08.2016 um 21:18 schrieb Matus UHLAR - fantomas:
Am 04.08.2016 um 19:47 schrieb Benny Pedersen:reason for this is that make this clamav signature is that its more ram effitive then make native spamasssasin rulesOn 04.08.16 19:50, Reindl Harald wrote:different signatures for different clamd are your friend [root@testserver:/etc/mail/spamassassin]$ cat clamav.cf loadplugin ClamAV clamav.pm full CLAMAV_JNK eval:check_clamav('/run/clamd/clamd-sa.sock') describe CLAMAV_JNK ClamAV detected malware/phishing/junk score CLAMAV_JNK 6.0 full CLAMAV_MLW eval:check_clamav('/run/clamd/clamd.sock') describe CLAMAV_MLW ClamAV detected malware/phishing score CLAMAV_MLW 9.9I'm afraid that running multiple clamd (that's what clamav-milter uses) instances is least memory effective possibility
nopeone clamd with all signatures here has a memory usage of 800 MB, both together have around the same, eahc of them a part of it depending of what signatures they have loaded
"clamd is more RAM effective than a spamassassin rule" si just wrong, that's it - clamd is and never was RAM efefctive and it's memory usage is realted to the amount and size of signatures
what Benny want's is that he can control the type of answers depending on signatures (as far as it#s understandable what he really talks about which isn't easy usually) and that's exactly what you get by split your signatures to multiple instances and score them differently depening of the signature types
the clamav-milter should be *the very last* instance with onnly 100% sure signatures to bypass any shorcurcuit and otehr whitelistings and catch *real malware* end the end of the chain even from normally whitelisted people if their machines got infected
the *real underlying* problem is that there is no chance to get rid of 20 years old samples without a massive amount of work and that it's time that the main/daily signatures are splitted and conditionally loadable
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
