On 2020-04-01 17:36, G.W. Haywood via clamav-users wrote:
My approach would probably be to start with very little in
the signature database(s) and gradually add things which might prove
useful, at the same time excluding anything which might be expected to
be nearly useless in this application, all the time logging verbosely.
I thought about this, but this is gonna be a *long* work.
You might need to put extra intelligence into splitting content from
headers etc. before you pass the data to the scanner.
I guess the above layers (squid+c-icap+squidclamav) already do this.
I imagine you'll want to
set up instrumentation to attempt to measure the performance of the
individual signatures - or at least of the separate databases
You imagine right :)
Any idea how this can be achieved?
bye & Thanks
av.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
