Unofficial sigs - why are some blocked, and others 'turned into spam report'

Danilo Godec danilo.godec at agenda.si
Thu Oct 15 12:02:14 CEST 2020


I recently started using the 'clamav-unofficial-sigs' script
(https://github.com/extremeshok/clamav-unofficial-sigs/) and noticed
that some 'unofficial' detections are blocked properly, while others are
just 'turned into a spam report'.

Here's a part of the log for one that's blocked:

(07385-19) run_av (ClamAV-clamd): /var/spool/amavis/tmp/amavis-20201015T100234-07385-bZgYJcQq/parts INFECTED: Porcupine.Junk.40702.UNOFFICIAL
(07385-19) virus_scan: (Porcupine.Junk.40702.UNOFFICIAL), detected by 1 scanners: ClamAV-clamd
(07385-19) Blocked INFECTED (Porcupine.Junk.40702.UNOFFICIAL) {DiscardedInbound,Quarantined}, ...

And here's a part of the log for one that's merely converted to a spam
report:

(20911-18) run_av (ClamAV-clamd): /var/spool/amavis/tmp/amavis-20201015T110518-20911-6Oyb0AUP/parts INFECTED: Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL, Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL
(20911-18) Turning AV infection into a spam report: score=0.1, AV:Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL=0.1


Why is that? What setting controls that?


   Regards,

   Danilo
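
An added example, not part of the original post or of amavisd itself: a small Python triage script that groups amavisd log lines like the two excerpts above by task ID and reports which signature names were blocked and which were turned into a spam report. The sample log is constructed from those excerpts with shortened temporary paths, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the two excerpts in the post (temp paths shortened).
SAMPLE_LOG = """\
(07385-19) run_av (ClamAV-clamd): /var/spool/amavis/tmp/amavis-X/parts INFECTED: Porcupine.Junk.40702.UNOFFICIAL
(07385-19) virus_scan: (Porcupine.Junk.40702.UNOFFICIAL), detected by 1 scanners: ClamAV-clamd
(07385-19) Blocked INFECTED (Porcupine.Junk.40702.UNOFFICIAL) {DiscardedInbound,Quarantined}, ...
(20911-18) run_av (ClamAV-clamd): /var/spool/amavis/tmp/amavis-Y/parts INFECTED: Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL, Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL
(20911-18) Turning AV infection into a spam report: score=0.1, AV:Sanesecurity.Badmacro.Doc.ArrWind1.UNOFFICIAL=0.1
"""

# search() rather than match(), so a syslog prefix before the task ID is tolerated.
TASK = re.compile(r"\((\d+-\d+(?:-\d+)?)\)\s+(.*)$")
DETECT = re.compile(r"run_av \([^)]*\): \S+ INFECTED: (.+)$")
BLOCKED = re.compile(r"Blocked INFECTED \(([^)]*)\)")
DOWNGRADE = re.compile(r"Turning AV infection into a spam report: score=(-?[\d.]+)")

def classify(log_text):
    """Return {task_id: {"signatures": set, "outcome": str, "score": float or None}}."""
    tasks = defaultdict(lambda: {"signatures": set(), "outcome": "unknown", "score": None})
    for line in log_text.splitlines():
        m = TASK.search(line)
        if not m:
            continue
        task_id, msg = m.groups()
        entry = tasks[task_id]
        if (d := DETECT.search(msg)):
            # The scanner may list the same name twice; the set deduplicates it.
            entry["signatures"].update(s.strip() for s in d.group(1).split(","))
        elif BLOCKED.search(msg):
            entry["outcome"] = "blocked"
        elif (s := DOWNGRADE.search(msg)):
            entry["outcome"] = "spam_report"
            entry["score"] = float(s.group(1))
    return dict(tasks)

def downgraded_signatures(log_text):
    """Signature names whose detections were scored as spam instead of blocked."""
    names = set()
    for entry in classify(log_text).values():
        if entry["outcome"] == "spam_report":
            names |= entry["signatures"]
    return sorted(names)

if __name__ == "__main__":
    for task, info in classify(SAMPLE_LOG).items():
        print(task, info["outcome"], info["score"], sorted(info["signatures"]))
```
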
