[SOLVED] Difference between a spam virus and a real virus

[facyber]

Hi everyone,

Is there possibility to make filter rules based on Sanesecurity output for example? Basically we would like to separate the spam viruses which are in some cases just regular spams, and those that are actually virus, that could be detected by Sanesecurity.

Something similar to the this link, only this is for MailScanner implementation.

Cheers!

 

[Stoiko Ivanov]

Currently the virus-scanning is pretty much hardcoded in pmg-smtp-filter.
The one thing which gets treated as 'Spam' and not as 'Virus' is matches on 'Heuristics' (this is also used to catch password-protected ZIP files (since they get tagged as Heuristic by ClamAV)

you could consider implementing the checking against sanssecurity with a custom check script:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_custom_check

I hope this helps!

 

[facyber]

HI Stoiko,

Thanks for the reply. It seems this could be indeed what we need, but we will test it of course.

Cheers!

 

[si458]

hi @facyber did you manage to get this working?
i would also like clamav to detect if its

Sanesecurity.Junk

then display it as spam rather than a virus,
currently its just detecting all sanesecurity stuff as a virus and quaranting it
Simon