Tom Shaw wrote: > At 2:37 PM -0700 4/6/09, Bill Landry wrote: >> James Ferreira wrote: >>> Thank you, I see the naming has changed. This works great but I still >>> get spam marked as Blocked INFECTED quarantine: virus-####### >>> >>> I have never seen it work otherwise so maybe that is just the way it >>> is? >> >> It really depends on what the virus name is and how you've setup your >> map to handle them. I use a very simple and generic map in my >> amavisd.conf file, since I want all non-virus messages to be delivered >> to SpamAssassin for bayes learning and spam scoring. >> >> Here is what I use: >> >> @virus_name_to_spam_score_maps = >> (new_RE( [ qr'(Sanesecurity)' => 7.5 ], >> [ qr'(MSRBL)' => 7.5 ], >> [ qr'(SecuriteInfo)' => 7.5 ], >> [ qr'(MBL)' => 7.5 ], >> [ qr'(winnow)' => 7.5 ], >> [ qr'(Safebrowsing)' => 7.5 ], >> )); >> > > Interesting. Bill, what was your rationale on not including heuristic > phish detected by clamd? > > Just wondering, Hmmm, I guess because I didn't think about it - but thanks for the hint. I've now changed to this in amavisd.conf: @virus_name_to_spam_score_maps = (new_RE( [ qr'Sanesecurity' => 0 ], [ qr'MSRBL' => 0 ], [ qr'SecuriteInfo' => 0 ], [ qr'MBL' => 0 ], [ qr'winnow' => 0 ], [ qr'Safebrowsing' => 0 ], [ qr'^Email' => 0 ], [ qr'^HTML' => 0 ], )); With this in ClamAV.cf (in the ~/spamassassin directory): header AV_SS X-Amavis-AV-Status =~ m{Sanesecurity} header AV_MSRBL X-Amavis-AV-Status =~ m{MSRBL} header AV_MBL X-Amavis-AV-Status =~ m{MBL} header AV_SI X-Amavis-AV-Status =~ m{SecuriteInfo} header AV_WN X-Amavis-AV-Status =~ m{winnow} header AV_SB X-Amavis-AV-Status =~ m{Safebrowsing} header AV_CAV X-Amavis-AV-Status =~ m{\bAV:Email|\bAV:HTML} score AV_SS 7.5 score AV_MSRBL 7.5 score AV_MBL 7.5 score AV_SI 7.5 score AV_WN 7.5 score AV_SB 7.5 score AV_CAV 7.5 This configuration is based on the link that Henrik Krohns included in his email on this subject. This has only been running for the past few hours, but seems to be working fine thus far. Bill