Mailing List CGatePro@mail.stalker.com Message #98747
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: For the owner of the communigate-index@mail.stalker.com mailbox
Date: Thu, 29 Oct 2009 12:02:17 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
We use all databases from SaneSecurity, and never had a single false positive, except from winnow_spam_complete.ndb, which is now disabled by default in the update script provided with CGP-ClamAV.

We were using the MSRBL ones, but after 6 months we found out that 0 messages matched these dbs without also matching the SaneSecurity or the ClamAV ones, so we stopped using the MSRBL dbs.

By default, the script provided with CGP-ClamAV downloads all of the SaneSecurity databases (except winnow_spam_complete.ndb). URLs and configuration options for other known databases (MSRBL, securiteinfo.com) are provided in the script but left disabled.

Nicolas

John Rudd wrote:
We use the following add-ons for ClamAV:

from msrbl.com:
   MSRBL-SPAM.ndb
   MSRBL-SPAM-CR.ndb
   MSRBL-Images-FULL-SoN.hdb

the signature file from www.malware.com.br

from sanesecurity:
   junk.ndb
   jurlbl.ndb
   scamnailer.ndb
   phish.ndb
   rogue.hdb
   scam.ndb
   spamimg.hdb
   spear.ndb
   spearl.ndb
   winnow_malware.hdb
   winnow_malware_links.ndb

scamnailer.ndb is the only one of those that is rated above "low" risk
of false positives.  Scamnailer is rated "medium", but it comes from a
source that I highly trust (the guy who wrote MailScanner).  Sane
security also has some other signatures that are "medium" and "high"
risk.  For various reasons, we're not using them at this time.

scamnailer, phish, scam, spear, and spearl are all anti-phishing
databases.  spear and spearl are derived from the "APER"
(Anti-Phishing Email Reply) project, hosted at Google code.

MSRBL-*, junk, jurlbl, spamimg, and I think rogue, are all anti-spam
databases (they match signatures of known spam messages, as opposed to
looking for signatures of viruses).

The rest are anti-virus/anti-malware signatures.

We've never had a complaint about messages blocked by those signature
databases (our complaints have been more about "hey, I wanted to send
a password-protected zip file through, but ClamAV blocked it!!"
(because we have that set to block, per local policy)).


On Thu, Oct 29, 2009 at 07:50, Nicolas Hatier
<nicolas.hatier@niversoft.com> wrote:
  
I would have to integrate the major part of ClamAV into PolluStop, which is
not possible for various reasons (license incompatibilities, programming
language differences would cause problems, etc) and would be redundant for
those using ClamAV. It's easier, safer and less expensive to install
CGP-ClamAV in parallel with PolluStop and use a script to download the
SaneSecurity db (one such script is provided with CGP-ClamAV).

Regards
Nicolas Hatier

Tom Rymes wrote:

On Oct 19, 2009, at 6:42 PM, Nicolas Hatier wrote:

Well... they may be running clamav with the default database or another
virus filter. The SaneSecurity db is not a virus db, it's a phishing,
exploits and spam db, which can be downloaded as an add-on to clamav.

NH

Nicolas (and the list),

Any way to implement this functionality into Pollustop?

Tom



--

Nicolas Hatier <nicolas.hatier@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com
    