On Fri, Dec 08, 2006 at 06:32:29PM +0100, Steffen Heil said:
> Hi
>
> > It should be noted that that's in the 'old news' section of
> > the page, but you're right. It's only helpful for some
> > messages. I also use
> > http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
> > http://download.mirror.msrbl.com/MSRBL-Images.hdb
>
> Sorry, another question to those:
> Do you get false positives?
>
> Until now I am tagging SPAM, but rejecting VIRUSes.
> However using those sigatures, I will end up detecing SPAM as VIRUS an
> reject those....
>
> Can I use exiscan to differ detected viruses froms spam?
Instead of malware = *, I suppose you could try a match against the
virus name returned. All of the vendors so far are putting some special
string in the virus definition, so it should be possible to just add a
header for the sane signatures, for instance.
--
--------------------------------------------------------------------------
| Stephen Gran | BOFH excuse #187: Reformatting Page. |
| steve@??? | Wait... |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
