[sanesecurity] Re: False Positive

  • From: Peter <sanesecurity@xxxxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 01 Sep 2016 11:03:50 +0100

I hope you mean CentOS 6.2, not 2.6!

You still haven't said what software is passing your mail to clamd though - on its own it will not intercept anything, so something must be calling it! (Admittedly that's a bit off-topic on this list, but it is where you need to be looking)

But if you are happy to just remove the whole junk.ndb instead of whitelisting the particular sender/recipient, that's fine.


Cheers
--
Peter


On 31/08/2016 16:22, Sujit Acharyya-choudhury wrote:

I am using clamav on CentOS 2.6. I start/stop clamd using /etc/init.d/clamd and the signatures are in /var/lib/clamav. What I did in order not to use junk.ndb was to comment out junk.ndb in /etc/clamav-unofficial-sigs/master.conf. This file is read when /usr/local/bin/clamav-unofficial-sigs.sh is called. The delay is in-built.

I also deleted junk.ndb from /var/lib/clamav.

Regards

Sujit

-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Joel Esler (jesler)
Sent: 31 August 2016 16:11
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: False Positive

It definitely helps if you share your fix back with the list, as it may help others in the future.



On Aug 31, 2016, at 10:49 AM, Peter <sanesecurity@xxxxxxxxxxxxxxxxx> wrote:

Sujit,
You haven't told us what program is calling clamav, but whitelisting a particular sender would need to be done at that stage - once it has got to clamd, it won't process any mail headers etc.

If you are using clamav-milter, edit /etc/clamav-milter.conf and add a 'Whitelist /path/to/a/file' parameter. Then create that file (ensuring appropriate permissions) and put in it 'From:messagelabs.com' or whatever the sender address/domain is.

If you aren't using clamav-milter, consult the documentation for whatever you are using.

--
Peter


On 30/08/2016 15:54, Sujit Acharyya-choudhury wrote:
Sorry, got my answer: modified the master.conf file and commented out the junk.ndb file.
Sujit
-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Sujit
Acharyya-choudhury
Sent: 30 August 2016 15:19
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: False Positive
Junk database hitting too many FP for our liking on our system.
I think I will have to stop using the junk database. How do I achieve that?
-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Sujit
Acharyya-choudhury
Sent: 26 August 2016 12:32
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: False Positive
Many thanks Steve. I would rather keep junk.ndb and I have added the few offending signature names to the *.ign2 list. I am sure most of the problem will go away.
Regards
Sujit
-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Basford
Sent: 26 August 2016 12:11
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: False Positive
On Fri, August 26, 2016 11:46 am, Sujit Acharyya-choudhury wrote:
Shall I add something like this
echo "spammanager" >> /var/lib/clamav/local.ign2 and will it work? I am not using ClamAV+SaneSecurity with SpamAssassin, I am using ClamAV as a virus scanner.
That won't work.
If all the signatures that are hitting so far are Sanesecurity.Junk.xxxxx, then I think the best thing to do is not use the junk.ndb database as a whole, or just carry on adding each signature name that hits into the .ign2 file.
That's one of the issues with having this type of "spam report" that actually displays part of the spam itself: you can work around it with scoring... but if you don't use scoring :(
Sorry this is a bit of a rushed reply...
Cheers,
Steve
Web : sanesecurity.com
Twitter: @sanesecurity
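Steve's point above is that a .ign2 file takes full signature names, one per line, so a fragment such as "spammanager" will never match anything, while Sujit's approach of adding each offending Sanesecurity.Junk.xxxxx name works. The script below is an added example, not code from the thread or from Sanesecurity: it pulls the signature names out of clamd "FOUND" log lines and merges them into the local.ign2 file mentioned in the thread, skipping duplicates and entries that are not full dotted names. The log lines are constructed for the demo; the log format, the use of awk/sed, and the handling of the ".UNOFFICIAL" suffix (which clamd appends when reporting a hit from a third-party database, so it is stripped before writing the bare database name) are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): turn clamd "FOUND" log lines into
# .ign2 entries and merge them into a local.ign2 without duplicates.

# Constructed sample clamd log lines for demonstration; not real detections.
SAMPLE_LOG='Wed Aug 31 10:12:03 2016 -> /var/spool/tmp/a.eml: Sanesecurity.Junk.12345.UNOFFICIAL FOUND
Wed Aug 31 10:13:20 2016 -> /var/spool/tmp/b.eml: Sanesecurity.Junk.12345.UNOFFICIAL FOUND
Wed Aug 31 10:14:55 2016 -> /var/spool/tmp/c.eml: Sanesecurity.Spam.9876.UNOFFICIAL FOUND
Wed Aug 31 10:15:01 2016 -> /var/spool/tmp/d.eml: Win.Trojan.Agent-1234567 FOUND
Wed Aug 31 10:16:40 2016 -> /var/spool/tmp/e.eml: OK'

# Read clamd log lines on stdin and print the signature names that hit, one
# per line, deduplicated and limited to names beginning with $1 (exact
# prefix, not a regex).  The ".UNOFFICIAL" suffix is assumed to be clamd's
# reporting decoration for third-party databases; the .ign2 file wants the
# bare database name, so it is stripped.
junk_sigs() {
    prefix="$1"
    sed -n 's/^.*: \([^ ]*\) FOUND$/\1/p' \
        | sed 's/\.UNOFFICIAL$//' \
        | awk -v p="$prefix" 'index($0, p) == 1' \
        | sort -u
}

# Append names read on stdin to the .ign2 file named by $1, skipping blank
# lines, comments, duplicates, and anything that is not a full dotted
# signature name (a fragment such as "spammanager" is not a valid entry).
merge_ign2() {
    ign2="$1"
    [ -f "$ign2" ] || : > "$ign2"
    while IFS= read -r name; do
        case "$name" in
            ''|'#'*) continue ;;
            *.*.*) ;;
            *) printf 'skipping "%s": not a full signature name\n' "$name" >&2
               continue ;;
        esac
        grep -qxF -- "$name" "$ign2" || printf '%s\n' "$name" >> "$ign2"
    done
}

# Usage with the constructed log; on a live system feed the real clamd log,
# e.g.  junk_sigs Sanesecurity.Junk < /var/log/clamav/clamd.log \
#         | merge_ign2 /var/lib/clamav/local.ign2
printf '%s\n' "$SAMPLE_LOG" | junk_sigs Sanesecurity.Junk \
    | merge_ign2 "${TMPDIR:-/tmp}/local.ign2"
```

After the .ign2 file changes, clamd has to reload its databases (for example with `clamdscan --reload`, or the init script restart Sujit describes) before the ignored names take effect. The file must also be readable by the user clamd runs as, which is the "appropriate permissions" point Peter makes for the milter whitelist file.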

