On 2016-09-22 12:32, Thomas Barth wrote:
I ve installed clamav-unofficial-sigs by debian package. If this is
not working good enough I will try the installation I found here:
https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/INSTALL
you have to configure it aswell
here i have 2 clamd, one with official signatures, and another with 3dr
party signatures, so both clamd have diffrent database dir
configure the script to only update the unofficial clamd database dir
when this is in place one can use clamav milter to reject from clamd
with official sigs, and another clamav milter to just add virus header
to mail, next with that is to make a header test in spamassassin with a
spam score for 3dr party sigs in clamav
I dont know what is in the zip file. I just have a compressed copy of
the mail. I tried to save the content of the zip boundary part in a
zip file but I get an loading error when opening the zip file. I
suppose it contains a javascript file (name.pdf.js)
just make sure the clamav detect its malware, and you are done, but keep
in mind not reject 3dr party virus :=)
note aswell foxhole is good candidate to be reject besed on, you can
make that happen if using pr sigs scanning in spamassasin header
testing, so spamass-milter will reject it, do not use one clamd and one
clamav-milter for all this
