On Fri, 28 Jun 2019, Al Varnell wrote: > On Thu, Jun 27, 2019 at 07:51 AM, Joel Esler (jesler) via clamav-users wrote:
>>> On Jun 26, 2019, at 7:25 PM, Epicon Elysium via clamav-users <email@example.com <mailto:firstname.lastname@example.org>> wrote:
>>> We're building a PaaS where everything runs on Linux. As part of
>>> the security requirements, we have to deploy Antivirus as well. We
>>> chose ClamAV in this case. One of the requirement in terms of
>>> Antivirus is that we should enable reputation rating. ...
>> The short answer is "No". ClamAV does not do reputation ratings,
>> unless you are talking about a scale of not malicious, heuristic,
>> PUA, and full on malicious.
>> But there is not a reputation system, no.
> The OP is going to have to explain more fully, but I took the
> question as does ClamXAV consider any reputation ratings that are
> made by the e-mail systems through which a message transits which
> are often expressed as spam or malware scores in the header
Seems to me that the OP doesn't know what he wants, but he has some
kind of requirements specification which was written by somebody who
doesn't know either, and he's doing his best to comply with that.
Anti-virus and reputation are pretty much orthogonal concepts.
My take on reputation is: If it comes from something somehow listed in
one of my blacklists, it has a bad reputation and I don't want it (to
the point of automatically adding a firewall TARPIT rule if it tries
to send me anything).
mail6:/etc/mail/x-milter# >>> wc -l *blacklist
57 x-milter_country_blacklist (*)
(*) The line count is rather misleading for this file, there are at the
moment 165 ISO 3166-1 country codes in it: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
If anyone wants to see any of this stuff I'm happy to publish it.
Of course this is a Sendmail milter which scans mail. If you're
shaving yaks, things are very different. I just hope that there's
something here that might stimulate.
clamav-users mailing list
Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml