On Mon, 7 Jun 2010, GrayHat wrote: > I think that it would be a BETTER idea using some regexp so that the > result of the ClamD scan will be checked and in case the hit comes > from a given signature (or type) instead of rejecting the message it > may then be scored; removing signatures just because someone > says "they don't send spam" doesn't sound so good to me and btw > if one doesn't want to block a given domain based on a given sig, > he may just do what I wrote above but w/o impacting other users > which may want to BLOCK what they consider to be spam This can be done but requires a more complex system, something which has some kind of regex engine or scoring system (EG Amavis or spamassassin). I do this using ClamAV and Spamassasin with the ClamAV plugin. I have one instance of ClamAV running the strict clamav.net signatures hooked into my MTA (via milter) to SMTP-reject messages that hit those sigs. I have another instance of ClamAV with the full set of sanesecurity sigs which hooks into Spamassasin with the ClamAV plugin. When those sigs fire Spamassasin 'sees' the results and applies a locally written set of rules to add points. Thus I can modify the resultant classification based upon local policy. -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{