Hi there,

If you've been paying even scant attention to the list mail you'll know that I've been doing some testing, particularly of clamd, when it's used for scanning mail.

This is something of a side issue, but I'll throw it into the pot to see if anything comes of it.

The testing that I'm doing is for more than one purpose; there's clamd itself (that is, whether my patched version crashes, or whatever); and there's the milter which feeds it. The milter isn't the one supplied with ClamAV, it's one of my own written in pure Perl and it needs much more thrashing than it's getting at the moment because I need it to be reliable.

And now, there's this side issue - which might blossom into something which I think may be more interesting - the potential for an automated submission system for messages which are certainly spam, but for which the databases don't have a matching signature. It could go well beyond that, but right now I don't want to get ahead of myself.

There seems to be some kind of a spammer campaign at the moment which uses IPs from all over the planet to attempt to send much the same kind of message. Normally I wouldn't see these messages, they'd be rejected at the CONNECT stage after the connecting IP had been found in nearly a dozen DNS block lists. But I'm desperate for more traffic to test clamd and my milter, so I've configured the milter to allow a message which has already triggered a REJECT response to reach all the way to End Of Message, so that clamd can scan it. Then, after logging the message text, even if clamd says "OK", I'll reject it anyway. If nothing else it might slow them down a little. :)

So I'm flagging up quite a few messages which are guaranteed spam, but which aren't in any of the third-party databases that I'm using. The successes are all 'Sanesecurity.Junk.NNNNN', where 'NNNNN' is usually a five-digit number beginning with '5'. The detection success rate is in the region of 35% at present, so I'm collecting ~two out of three.
My milter can very easily process these messages, in any way, and then send them, or the results of this processing, in any format and by any means, to anyone who'd like to have that information. Once set up, it could do it all in real time, without manual intervention at my end.

Any takers?

--
73,
Ged.
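The deferred-reject flow described in the message above, sketched as an added example; it is not part of the original post and is not the author's Perl milter. It assumes clamd's stream-scan replies `stream: OK` and `stream: <signature> FOUND`; the function names, DNSBL zone names, TEMPFAIL policy and sample data are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed clamd stream-scan replies: "stream: OK" or "stream: <signature> FOUND".
FOUND = re.compile(r"^stream: (\S+) FOUND$")

@dataclass
class Verdict:
    smtp_action: str          # what the milter answers at End Of Message
    signature: Optional[str]  # clamd signature name, if one matched
    submit: bool              # known spam that no signature matched

def parse_reply(reply):
    """Return ('found', name), ('clean', None) or ('error', None)."""
    reply = reply.strip().rstrip("\x00")
    m = FOUND.match(reply)
    if m:
        return "found", m.group(1)
    if reply == "stream: OK":
        return "clean", None
    return "error", None  # a failed scan must not be counted as a signature miss

def end_of_message(dnsbl_hits, clamd_reply):
    """Decide at EOM for a message whose CONNECT-stage REJECT was deferred."""
    state, sig = parse_reply(clamd_reply)
    deferred_reject = len(dnsbl_hits) > 0
    action = "ACCEPT"
    if deferred_reject or state == "found":
        action = "REJECT"     # rejected anyway, even if clamd said OK
    elif state == "error":
        action = "TEMPFAIL"   # assumed policy for unlisted senders
    # Only DNSBL-condemned mail that scanned cleanly is a submission candidate.
    return Verdict(action, sig, deferred_reject and state == "clean")

def detection_rate(verdicts):
    """Signature hits as a share of all spam that clamd scanned successfully."""
    scanned = [v for v in verdicts if v.signature or v.submit]
    return sum(1 for v in scanned if v.signature) / len(scanned) if scanned else 0.0

# Constructed sample: (DNSBL zones that listed the connecting IP, clamd reply).
SAMPLE = [
    (["dnsbl.example"], "stream: Sanesecurity.Junk.51234 FOUND"),
    (["dnsbl.example"], "stream: OK"),
    (["dnsbl.example", "bl2.example"], "stream: OK"),
    (["dnsbl.example"], "INSTREAM size limit exceeded. ERROR"),
    ([], "stream: OK"),
]
VERDICTS = [end_of_message(hits, reply) for hits, reply in SAMPLE]
```

The messages with `submit` set are the ones a real-time submission feed would forward; the scan that ended in an error is rejected but kept out of both the feed and the detection-rate figure.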