clamav-users May 2010 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] excluding signatures on SMTP

Re: [Clamav-users] excluding signatures on SMTP

From: Stephen Gran <steve_at_nospam>
Date: Tue May 11 2010 - 21:35:22 GMT
To: clamav-users@lists.clamav.net

On Tue, May 11, 2010 at 11:27:54PM +0200, Matus UHLAR - fantomas said:
> Hello,
>
> I'm working on code that would prevent rejecting some kinds of signarures at
> SMTP level. For example, phishing reports sent to abuse@ contact should
> pass, even if they contain phishing signatures.
>
> Now I'm curious which patterns to exclude from rejecting:
>
> I'm sure about "Phishing" in signature name but what about "Suspect" ?
> And are there any others I should count with?
>
> I'm not using any 3rd party signatures yet.
>
> ...I know that I can turn off phishing detection using PhishingSignatures
> and/or PhishingScanURLs directives, but that's not what I want.

Why not do selective rejects in your MTA based on the name of the
signature matched? The Phish ones and so on all follow a regular
pattern.

Cheers,
-- -------------------------------------------------------------------------- | Stephen Gran | It is often the case that the man who | | steve@lobefin.net | can't tell a lie thinks he is the best | | http://www.lobefin.net/~steve | judge of one. -- Mark Twain, | | | "Pudd'nhead Wilson's Calendar" | --------------------------------------------------------------------------

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml