Clamav-Heuristics - too many false positives

Johannes Treml

Jun 29, 2023
Hello,

we have some problems with the clamav heuristic check. A lot of emails with an attachment are blocked in the same way as in the picture below. To get these emails into the "regular" SPAM quarantine, we raised the score of this filter.

1696407260753.png

Is it possible to configure that filter in such a way that not so many attachments are caught by it? What is the "best practice" for this topic?

Thank you.

rgds.
Johannes
 
hi, sorry for the late answer:

can you post the spam headers /logs for the mails?

most often the clamav heuristics will get triggered by encrypted archives (this can be controlled by the "block encrypted archives and documents" toggle in configuration -> virus detector -> options)
the only other thing that can be tuned is to whitelist some matches from clamav, see e.g. this thread:

https://forum.proxmox.com/threads/whitelist-clamav.82025/
 
