[sanesecurity] Re: SaneSecurity Signatures
- From: "Steve Basford" <steveb_clamav@xxxxxxxxxxxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Tue, 31 May 2016 18:58:42 +0100
On Tue, May 31, 2016 4:41 pm, Sujit Acharyya-choudhury wrote:
Hi Steve,
Thanks for your e-mail. However, I am using clamd to check for virus and
adding the "LOW" SaneSecurity signatures to improve ClamAV, which is not
very useful without SaneSecurity. What you are suggesting I think is
ideal for amavisd-new. However, in our Exim config, we have the following
line:
av_scanner = clamd:193.61.xx.yy 3310
and the machine 193.61.xx.yy is used solely for ClamAV and now for ClamAV
How about this...
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
" New malware type "sock". Talks over a Unix or TCP socket, sending one
command line and matching a regex against the return data for trigger
and a second regex to extract malware_name. The mail spoolfile name can
be included in the command line."
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
Other related posts: