clamav-users May 2010 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] excluding signatures on SMTP

Re: [Clamav-users] excluding signatures on SMTP

From: Matus UHLAR - fantomas <uhlar_at_nospam>
Date: Tue May 11 2010 - 21:52:25 GMT
To: clamav-users@lists.clamav.net

On 11.05.10 23:27, Matus UHLAR - fantomas wrote:
> I'm working on code that would prevent rejecting some kinds of signarures at
> SMTP level. For example, phishing reports sent to abuse@ contact should
> pass, even if they contain phishing signatures.
>
> Now I'm curious which patterns to exclude from rejecting:
>
> I'm sure about "Phishing" in signature name but what about "Suspect" ?
> And are there any others I should count with?

I'm using (perl) regular expressions. What can I expect in spam reports?

\.Phishing
^Email\.
^HTML\.

well, excluding last two gives me only one Phishing. signature:

E-Mail.Phishing.SMT

Can I safely assume that only those above don't include the bad code?

> I'm not using any 3rd party signatures yet.
>
> ...I know that I can turn off phishing detection using PhishingSignatures
> and/or PhishingScanURLs directives, but that's not what I want.

-- Matus UHLAR - fantomas, uhlar_at_fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot Universe. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml