John Rudd wrote:
Chr. v. Stuckrad wrote:
I have a 'political problem' with that.  We 'drop' known viruses into
a quarantine directory without further notice, and only once in years
somebody complained and wanted his virus back :-)

You could even do it as 5 different instances (1 for base clamav sigs, 1 for each of the signature files from sanesecurity, 1 for each of the signature files from msrbl), and mark them accordingly.

Over here we use MIMEDefang as the glue to tie SpamAssassin, Clamd, etc. together. MD filters are very customizable (if you can write it in Perl, you can put it in an MD filter). After our filter calls clamd, we check the name of the matching signature against a regexp. We only actually drop messages that trip on known mass-mailer signatures (most of them have "worm" or "@mm" in the name, depending on who first named it), and the rest are rejected.

For those who only want to run one instance of clamd, it's easy enough to do the same thing to separate "real" viruses from spam signatures by looking for "sanesecurity" or "msrbl".

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
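
The signature-name check described in the message above, as an added Perl example that is not part of the original post and not the poster's filter. The function name, the disposition labels, the 'tempfail' choice for scanner errors and the sample reply lines are assumptions made for illustration; how a 'spam' result is handled is left to the caller.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Names from the add-on signature sets mark spam/phishing content rather
# than malware, so they are split off before the virus handling.
my $SPAM_SIG = qr/sanesecurity|msrbl/i;
# Known mass-mailers: most have "worm" or "@mm" somewhere in the name.
my $MASSMAILER = qr/worm|\@mm/i;

# Take one clamd reply line ("<stream>: OK", "<stream>: <name> FOUND" or
# "<stream>: <message> ERROR") and return (disposition, signature name).
sub classify_clamd_reply {
    my ($reply) = @_;
    $reply =~ s/\s+\z//;                       # strip trailing newline/CR
    return ('accept', undef) if $reply =~ /: OK\z/;
    # ERROR or an unparseable line: never treat as clean (assumed policy).
    return ('tempfail', undef) unless $reply =~ /: (.+) FOUND\z/;
    my $sig = $1;
    return ('spam',    $sig) if $sig =~ $SPAM_SIG;    # third-party spam sigs
    return ('discard', $sig) if $sig =~ $MASSMAILER;  # drop silently
    return ('reject',  $sig);                         # any other virus
}

# Constructed sample replies (illustrative names, not captured traffic).
my @samples = (
    "stream: OK\n",
    "stream: Worm.Mydoom.M FOUND\n",
    "stream: W32.Example\@mm FOUND\n",
    "stream: Trojan.Example-1 FOUND\n",
    "stream: Email.Phishing.Sanesecurity.00000000 FOUND\n",
    "stream: MSRBL-Images/0-example FOUND\n",
    "stream: Can't open file ERROR\n",
);

for my $line (@samples) {
    my ($action, $sig) = classify_clamd_reply($line);
    printf "%-9s %s\n", $action, $sig // '-';
}
```

The spam-signature test runs first so that a third-party name that happens to contain "worm" is still handled as spam rather than silently dropped.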
