Clamav-Heuristics - too many false positives

Johannes Treml

Jun 29, 2023
Hello,

we have some problems with the clamav heuristic check. A lot of emails with an attachment are blocked in the same way as in the picture below. To get these emails into the "regular" SPAM-Quarantine we raised the score of this filter.

[Attached screenshot: 1696407260753.png]

Is it possible to configure that filter in such a way that not so many attachments are caught by it? What is the "best practice" for this topic?

Thank you.

rgds.
Johannes
 
hi, sorry for the late answer:

can you post the spam headers/logs for the mails?

most often the clamav heuristics will get triggered by encrypted archives (this can be controlled by the "block encrypted archives and documents" toggle in configuration -> virus detector -> options).
the only other thing that can be tuned is to whitelist some matches from clamav, see e.g. this thread:

https://forum.proxmox.com/threads/whitelist-clamav.82025/