Hi there,

On Tue, 3 Sep 2019, Henrik K wrote:

> General comment: Using any third party rules with ClamAV is a gamble, but
Agreed. In fact I'd go further than that. Relying on something like ClamAV is a gamble. If there's a new 0-day just out, there may be no chance of spotting it at all. In my systems ClamAV is the last of the filters, just a tweak in the already heavily weighted probabilities. Of course I'm only talking about scanning mail.
> they are very good for scoring with Amavisd/Spamassassin etc. In my setup I don't even trust the official signatures, I just score everything along with SA.
While I'm very happy to trust official signatures, I do something very similar with scores, early in the SMTP conversation. Here, under normal circumstances, ninety-nine point some nines percent of the junk is filtered out by nearly a dozen DNSBLs and a custom GeoIP database. ClamAV flags something as 'FOUND' about once a year, because the other filtering has already taken care of it before clamd even sees it.

I found SpamAssassin too complex for my liking, and it absorbed more effort than I felt was justified by its efficacy. Using their mailing list was a most unpleasant experience, although that was some years ago now and things might well have improved.

But I do have the luxury of being able to write custom milters; without that, things would most likely be different.

--
73,
Ged.

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml