alert to Viruses but exclude Sanesecurity.Jurlbl

S

si458

Renowned Member
Jun 4, 2010
93
5
73
Wallasey, United Kingdom
www.hestor.com
Hi All,

im hoping this is a very simple thing, but im having no luck myself so asking for help

ive setup the clamav-unofficial-sigs and it works a treat detecting spam now!

however every single spam being detected as 'Sanesecurity.Jurlbl.RANDOMSTRING.UNOFFICIAL (clamav)' is sending me a notification (i am the admin)

this is perfectly fine, as ive enabled the MBL free list and im getting a few emails being blocked using the MBL list which are infact legit emails
(justeat emails, rightmove house listings, ticketmaster tickets)

but what i would like is to NOT be notified if the virus info contains 'Sanesecurity.Jurlbl' and notified of anything else?

is this possible? or is the a way so clamav detects the 'Sanesecurity.Jurlbl' as SPAM rather than a VIRUS?

Regards

Simon
 
Last edited:
si458 said:
ive setup the clamav-unofficial-sigs and it works a treat detecting spam now!
Click to expand...
out of curiosity - do you have numbers for comparison (e.g. actual viruses detected with the unofficial sigs, which were not detected without them?

si458 said:
but what i would like is to NOT be notified if the virus info contains 'Sanesecurity.Jurlbl' and notified of anything else?
Click to expand...
follow:
https://docs.clamav.net/faq/faq-ignore.html
to disable the signature
i.e. create `/var/lib/clamav/localallow.ign2` and add the signature to it in a line of its own

I hope this helps!
 
Hi,

before i added in the clamav-unofficial-sigs, i would get spam like mad, about 10 email addresses would get the same spam email,
but after setting up the clamav-unofficial-sigs the odd one spam email might slip through, but the other 9 would be blocked as viruses

the issue i have is i cant IGNORE the signature because that would IGNORE the spam

what i would like is for clamav to detect the email as spam rather than a virus?

another signature today for instance we have - Sanesecurity.Spam.12650.UNOFFICIAL (clamav)
its defo spam as the signature says but because its being scanned by clamav, proxmox is detecting it as a virus rather than spam :(

EDIT: pretty picture below, for last month, this is with 12 domains, with 50 email addresses (we moved our server a few days into october)
Screenshot 2021-11-02 at 10.04.42.png
 
Last edited:
si458 said:
the issue i have is i cant IGNORE the signature because that would IGNORE the spam
Click to expand...
This is currently not possible - the only things from ClamAV which are considered towards spam are things matching Heuristics (they get added the Heuristics score)
 
You must log in or register to reply here.
Top Bottom