I have found SaneSecurity definitions to be VERY good - they hit about 60% of
my SPAM which is incredible given that they only match exact results (they
are not fuzzy). However this high percentage may be because I am based in
the UK as is the author of the sanesecurity definitions. Also they tend to
hit already high scoring spam so they aren't a miracle spam fighting measure
though they are good.

My biggest concern was over possible false positives given that there is
only one person working on these definitions unlike the official ClamAV
signatures...

However I have yet to have any problems with them in the month that I have
been using them.

There are also two other sets of ClamAV signatures which I am now testing
(though these are not as good IMHO):

http://www.malware.com.br/ (various formats including ClamAV)
http://www.msrbl.com/site/ (ClamAV as well as RBLs)

As a solution to my own concerns over false positives I have changed from
virus scanning at SMTP time and have moved to using the ClamAV SpamAssassin
plugin:

http://wiki.apache.org/spamassassin/ClamAVPlugin

Rather than using the standard clamav.cf I have written my own which gives
different scores depending on what ClamAV signature found something:

loadplugin ClamAV clamav.pm
full CLAMAV eval:check_clamav()
describe CLAMAV Clam AntiVirus detected something...
score CLAMAV 0.001

# Look for specific types of ClamAV detections
header __CLAMAV_PHISH X-Spam-Virus =~ /Yes.{1,20}Phishing/i
header __CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,20}Sanesecurity/i
header __CLAMAV_MBL X-Spam-Virus =~ /Yes.{1,20}MBL/
header __CLAMAV_MSRBL X-Spam-Virus =~ /Yes.{1,20}MSRBL/

# Give the above rules a very late priority so that they can see the output
# of previous rules - otherwise they don't work!
priority __CLAMAV_PHISH 9999
priority __CLAMAV_SANE 9999
priority __CLAMAV_MBL 9999
priority __CLAMAV_MSRBL 9999

# Work out what ClamAV detected and score accordingly
meta CLAMAV_VIRUS (CLAMAV && !__CLAMAV_PHISH && !__CLAMAV_SANE && !__CLAMAV_MBL && !__CLAMAV_MSRBL)
describe CLAMAV_VIRUS Virus found by ClamAV default signatures
score CLAMAV_VIRUS 20.0

meta CLAMAV_PHISH (CLAMAV && __CLAMAV_PHISH && !__CLAMAV_SANE)
describe CLAMAV_PHISH Phishing email found by ClamAV default signatures
score CLAMAV_PHISH 10.0

meta CLAMAV_SANE (CLAMAV && __CLAMAV_SANE)
describe CLAMAV_SANE SPAM found by ClamAV SaneSecurity signatures
score CLAMAV_SANE 7.5

meta CLAMAV_MBL (CLAMAV && __CLAMAV_MBL)
describe CLAMAV_MBL Malware found by ClamAV MBL signatures
score CLAMAV_MBL 7.5

meta CLAMAV_MSRBL (CLAMAV && __CLAMAV_MSRBL)
describe CLAMAV_MSRBL SPAM found by ClamAV MSRBL signatures
score CLAMAV_MSRBL 2.0


Hope this is of some help to someone...
-- 
View this message in context: 
http://www.nabble.com/My-bash-script-to-upload-PDFinfo-daily%2C-safely-tf4115144.html#a11732078
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
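
Added example, not part of the original post: a small Python harness that replays the post's sub-rule regexes and meta logic against X-Spam-Virus values, so a change to the rules can be checked offline before it is deployed. The header values are constructed, and the "Yes (<signature>)" / "No" header format is an assumption about what the plugin writes.

```python
import re

# Sub-rule patterns copied from the post's __CLAMAV_* header rules
# (Perl /i becomes re.I; the MBL and MSRBL rules are case-sensitive).
SUBRULES = {
    "PHISH": re.compile(r"Yes.{1,20}Phishing", re.I),
    "SANE": re.compile(r"Yes.{1,20}Sanesecurity", re.I),
    "MBL": re.compile(r"Yes.{1,20}MBL"),
    "MSRBL": re.compile(r"Yes.{1,20}MSRBL"),
}
SCORES = {"CLAMAV": 0.001, "CLAMAV_VIRUS": 20.0, "CLAMAV_PHISH": 10.0,
          "CLAMAV_SANE": 7.5, "CLAMAV_MBL": 7.5, "CLAMAV_MSRBL": 2.0}

# Constructed header values; the signature names are illustrative only.
SAMPLES = [
    "Yes (Constructed.Worm.Example-1)",
    "Yes (Sanesecurity.Phishing.Example)",
    "Yes (Html.Phishing.Bank.Example.Sanesecurity.000)",
    "Yes (MSRBL-Images.Example)",
    "Yes (MBL_12345)",
    "No",
]


def fired_rules(x_spam_virus):
    """Return the scored rules the post's meta logic fires for a header value."""
    if not x_spam_virus.startswith("Yes"):
        return []  # assumption: no detection means the CLAMAV eval rule is false
    hit = {name for name, rx in SUBRULES.items() if rx.search(x_spam_virus)}
    rules = ["CLAMAV"]
    if not hit:
        rules.append("CLAMAV_VIRUS")   # none of the four sub-rules matched
    if "PHISH" in hit and "SANE" not in hit:
        rules.append("CLAMAV_PHISH")   # a Sanesecurity hit overrides PHISH
    for name in ("SANE", "MBL", "MSRBL"):
        if name in hit:
            rules.append("CLAMAV_" + name)
    return rules


def total_score(x_spam_virus):
    """Sum the post's scores for every rule that fires."""
    return round(sum(SCORES[r] for r in fired_rules(x_spam_virus)), 3)


if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{total_score(value):7.3f}  {fired_rules(value)}  {value}")
```

The third sample shows the effect of the `.{1,20}` window: when the vendor token sits more than 20 characters after "Yes", only the earlier "Phishing" token matches and the message gets the default-signature phishing score.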