alert to Viruses but exclude Sanesecurity.Jurlbl

si458

Renowned Member
Hi All,

im hoping this is a very simple thing, but im having no luck myself so asking for help

ive setup the clamav-unofficial-sigs and it works a treat detecting spam now!

however every single spam being detected as 'Sanesecurity.Jurlbl.RANDOMSTRING.UNOFFICIAL (clamav)' is sending me a notification (i am the admin)

this is perfectly fine, as ive enabled the MBL free list and im getting a few emails being blocked using the MBL list which are infact legit emails
(justeat emails, rightmove house listings, ticketmaster tickets)

but what i would like is to NOT be notified if the virus info contains 'Sanesecurity.Jurlbl' and notified of anything else?

is this possible? or is the a way so clamav detects the 'Sanesecurity.Jurlbl' as SPAM rather than a VIRUS?

Regards

Simon
 
Last edited:
ive setup the clamav-unofficial-sigs and it works a treat detecting spam now!
out of curiosity - do you have numbers for comparison (e.g. actual viruses detected with the unofficial sigs, which were not detected without them?

but what i would like is to NOT be notified if the virus info contains 'Sanesecurity.Jurlbl' and notified of anything else?
follow:
https://docs.clamav.net/faq/faq-ignore.html
to disable the signature
i.e. create `/var/lib/clamav/localallow.ign2` and add the signature to it in a line of its own

I hope this helps!
 
Hi,

before i added in the clamav-unofficial-sigs, i would get spam like mad, about 10 email addresses would get the same spam email,
but after setting up the clamav-unofficial-sigs the odd one spam email might slip through, but the other 9 would be blocked as viruses

the issue i have is i cant IGNORE the signature because that would IGNORE the spam

what i would like is for clamav to detect the email as spam rather than a virus?

another signature today for instance we have - Sanesecurity.Spam.12650.UNOFFICIAL (clamav)
its defo spam as the signature says but because its being scanned by clamav, proxmox is detecting it as a virus rather than spam :(

EDIT: pretty picture below, for last month, this is with 12 domains, with 50 email addresses (we moved our server a few days into october)
Screenshot 2021-11-02 at 10.04.42.png
 
Last edited:
the issue i have is i cant IGNORE the signature because that would IGNORE the spam
This is currently not possible - the only things from ClamAV which are considered towards spam are things matching Heuristics (they get added the Heuristics score)