> There is a SpamAssassin plugin which checks messages with
> ClamAV, which adds the following header to emails
> What I would like to do would be to score the ClamAV
> detection differently depending on whether it was
Your problem is that the ClamAV plugin doesn't add a header as
metadata to the message, so there is no header to check in rules.
Fortunately, you only have to add one single line to the plugin
in order to add the header. This is the line I've added here:
$permsgstatus->{msg}->put_metadata('ClamAV-Result',$header);
It's added directly before the line
and makes it possible to use the header "ClamAV-Result" in rules
(and to get it from the mail object, wich is what I do).
For your rules to work as is you'd want to add it as:
$permsgstatus->{msg}->put_metadata('X-Spam-Virus',$header);
Add the line directly above the line:
return $isspam;
Regards
/Jonas
OliverScott wrote:
There is a SpamAssassin plugin which checks messages with ClamAV, which adds
the following header to emails it processes:
X-Spam-Virus: Yes ($VirusName)
http://wiki.apache.org/spamassassin/ClamAVPlugin
By default you can set a score in its clamav.cf file:
score CLAMAV 10
I am currently testing a 3rd party set of ClamAV definitions from a website
called www.sanesecurity.co.uk which look to be very effective against some
phishing and image spam emails. When it fires on an email the headers the
ClamAV plugin adds are as follows:
X-Spam-Virus: Yes ($Name.Sanesecurity)
What I would like to do would be to score the ClamAV detection differently
depending on whether it was detected by the ClamAV default signatures
(virus) or the Sanesecurity signatures (spam). I have tried adding the
following to local.cf but it doesn't seem to be working:
header __MY_CLAMAV X-Spam-Virus =~ /Yes/i
header __MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i
meta MY_CLAMAV (__MY_CLAMAV && !__MY_CLAMAV_SANE)
meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE)
score MY_CLAMAV 10
score MY_CLAMAV_SANE 5
Any suggestions?
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
