[SOLVED] Difference between a spam virus and a real virus

facyber

New Member
Sep 9, 2020
23
5
3
Hi everyone,

Is there possibility to make filter rules based on Sanesecurity output for example? Basically we would like to separate the spam viruses which are in some cases just regular spams, and those that are actually virus, that could be detected by Sanesecurity.

Something similar to the this link, only this is for MailScanner implementation.

Cheers!
 
Currently the virus-scanning is pretty much hardcoded in pmg-smtp-filter.
The one thing which gets treated as 'Spam' and not as 'Virus' is matches on 'Heuristics' (this is also used to catch password-protected ZIP files (since they get tagged as Heuristic by ClamAV)

you could consider implementing the checking against sanssecurity with a custom check script:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_custom_check

I hope this helps!
 
  • Like
Reactions: facyber
HI Stoiko,

Thanks for the reply. It seems this could be indeed what we need, but we will test it of course.

Cheers!