Copfilter / Bugs / #1 second clamAV virus signature directory for havp scanning

#1 second clamAV virus signature directory for havp scanning

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2008-06-28

Created: 2008-06-28

Creator: mm8824

Private: No

You should make a copy of signatures to another directory that HAVP can use (don't bother a second clamd, just use library). And not copy SaneSecurity etc there at all. You could also grep away any Mail-type signatures (:4: in .ndb) to save some memory, since you don't generally encounter mbox-files in http..

The only marginal benefit is that some of the signatures might "catch" suspicious mails in webmails.

As an example, that rule Email.Malware.Sanesecurity.Url.SQLInj_32 simply matches the string "http://www.banner82.xxx" (replaced com with xxx in case you surf through HAVP..) anywhere.

Discussion

mm8824 - 2008-06-28

Logged In: YES
user_id=1160896
Originator: YES

http://copfilter.endlich-mail.de/viewtopic.php?t=2114

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

second clamAV virus signature directory for havp scanning

Group

Searches

Help

#1 second clamAV virus signature directory for havp scanning

Discussion