[sanesecurity] Re: False Positive

  • From: Peter <sanesecurity@xxxxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Wed, 31 Aug 2016 15:49:16 +0100

Sujit,
You haven't told us what program is calling clamav, but whitelisting a particular sender would need to be done at that stage - once it has got to clamd, it won't process any mail headers etc.

If you are using clamav-milter, edit /etc/clamav-milter.conf and add a 'Whitelist /path/to/a/file' parameter. Then create that file (ensuring appropriate permissions) and put in it 'From:messagelabs.com' or whatever the sender address/domain is.

If you aren't using clamav-milter, consult the documentation for whatever you are using.

--
Peter


On 30/08/2016 15:54, Sujit Acharyya-choudhury wrote:

Sorry got my answer, modified the master.conf file and commented out junk.ndb
file.

Sujit

-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Sujit
Acharyya-choudhury
Sent: 30 August 2016 15:19
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: False Positive

Junk database hitting too many FP for our liking on our system.
I think I will have to stop using the junk database. How do I achieve that?

-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Sujit
Acharyya-choudhury
Sent: 26 August 2016 12:32
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: False Positive

Many thanks Steve. I would rather keep junk.ndb and I have added the few
offending signature names to the *.ign2 list. I am sure most of the problem
will go away.

Regards

Sujit

-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Basford
Sent: 26 August 2016 12:11
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: False Positive


On Fri, August 26, 2016 11:46 am, Sujit Acharyya-choudhury wrote:
Shall I add something like this
echo "spammanager" >> /var/lib/clamav/local.ign2 and will it work?  I
am not using ClamAV+SaneSecurity with SpamAssassin, I am using ClamAV
as a virus scanner.

That won't work.

If all the signatures that are hitting so far are Sanesecurity.Junk.xxxxx then
I think the best thing to do is not use the junk.ndb database as a whole.

or just carry on adding in each signature name that hits into the .ign2 file.

That's one of the issues with having this type of "spam report" that actually
displays part of the spam itself, you can work around it with scoring... but if
you don't use scoring :(

Sorry this is a bit of a rushed reply...

Cheers,

Steve
Web : sanesecurity.com
Twitter: @sanesecurity
