I am using clamav as our virus scanner on our mail gateway (exim). This
seems to discard lot of e-mails. Is there any benefit of using clamav
for spamassassin from Sanesecurity?

Regards

Sujit =20

-----Original Message-----
From: OliverScott [mailtoliver@fhsinternet.com]=20
Sent: 24 July 2007 14:44
To: users@spamassassin.apache.org
Subject: Re: Problem with clamav plugin


You need to set a high priority for the meta rules as otherwise they are
evaluated BEFORE the ClamAV plugin is used (I think?). I am not an
expert in
how SA works, but I eventually came up with the following solution (for
using several different 3rd party clamav signatures):

This is my clamav.cf file:

loadplugin ClamAV clamav.pm=20
full CLAMAV eval:check_clamav()=20
describe CLAMAV Clam AntiVirus detected something...=20
score CLAMAV 0.001=20

# Look for specific types of ClamAV detections=20
header __CLAMAV_PHISH X-Spam-Virus =3D~ /Yes.{1,20}Phishing/i=20
header __CLAMAV_SANE X-Spam-Virus =3D~ /Yes.{1,20}Sanesecurity/i=20
header __CLAMAV_MBL X-Spam-Virus =3D~ /Yes.{1,20}MBL/=20
header __CLAMAV_MSRBL X-Spam-Virus =3D~ /Yes.{1,20}MSRBL/=20

# Give the above rules a very late priority so that they can see the
output=20
# of previous rules - otherwise they don't work! Not sure what the
correct
# priority should be but this seems to work...
priority __CLAMAV_PHISH 9999=20
priority __CLAMAV_SANE 9999=20
priority __CLAMAV_MBL 9999=20
priority __CLAMAV_MSRBL 9999=20

# Work out what ClamAV detected and score accordingly=20
meta CLAMAV_VIRUS (CLAMAV && !__CLAMAV_PHISH && !__CLAMAV_SANE &&
!__CLAMAV_MBL && !__CLAMAV_MSRBL)=20
describe CLAMAV_VIRUS Virus found by ClamAV default signatures=20
score CLAMAV_VIRUS 20.0=20

meta CLAMAV_PHISH (CLAMAV && __CLAMAV_PHISH && !__CLAMAV_SANE)=20
describe CLAMAV_PHISH Phishing email found by ClamAV default signatures=20
score CLAMAV_PHISH 10.0=20

meta CLAMAV_SANE (CLAMAV && __CLAMAV_SANE)=20
describe CLAMAV_SANE SPAM found by ClamAV SaneSecurity signatures=20
score CLAMAV_SANE 7.5=20

meta CLAMAV_MBL (CLAMAV && __CLAMAV_MBL)=20
describe CLAMAV_MBL Malware found by ClamAV MBL signatures=20
score CLAMAV_MBL 7.5=20

meta CLAMAV_MSRBL (CLAMAV && __CLAMAV_MSRBL)=20
describe CLAMAV_MSRBL SPAM found by ClamAV MRSBL signatures=20
score CLAMAV_MSRBL 2.0=20



In your case you could fix what you have done (which looks to be taken
from
one of my previous messages while trying to get this to work myself?) by
making it:

header __MY_CLAMAV X-Spam-Virus =3D~ /Yes/i
priorty __MY_CLAMAV 9999
header __MY_CLAMAV_SANE X-Spam-Virus =3D~ /Yes.{1,50}Sanesecurity/i
priorty __MY_CLAMAV_SANE 9999
meta MY_CLAMAV_SANE (__MY_CLAMAV && __MY_CLAMAV_SANE)=20
score MY_CLAMAV_SANE 5=20


Hope this helps!
--=20
View this message in context:
http://www.nabble.com/Problem-with-c....html#a1176322
7
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.