mkathuria at tuxtechnologies
Oct 20, 2011, 8:16 AM
Post #5 of 5
On Thu, Oct 20, 2011 at 9:57 AM, Noel Jones <njones [at] megan> wrote:
> On 10/19/2011 10:00 PM, Alex wrote:
>>>> I have a fedora15 system with spamassassin-3.3.2 and clamav-0.97.2,
>>>> and also using the clamav-unofficial-sigs. and I've just realized the
>>>> score for catching one of the listed domains is only 0.2.
>>>> X-Spam-Status: No, score=3.444 tagged_above=-100 required=5
>>>> tests=[.AV:INetMsg.SpamDomain-2w.t67f_com.UNOFFICIAL=0.1, BAYES_50=0.8,
>>>> HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723,
>>>> RCVD_IN_BRBL_LASTEXT=1.449, RELAYCOUNTRY_LOW=0.5,
>>>> RP_MATCHES_RCVD=-0.504, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
>>>> Is that typical? Can you recommend a more suitable score?
>>> Spamassassin scores are quie optimized. But you can fine tune the
>>> scores based on your own requirements after observing the trend for a
>>> few days
>> I think I assumed that you knew too much about my level of
>> understanding. I'm familiar with local.cf and building my own SA
>> However, I don't know where the original definition of the clamav
>> rules are listed. Where is that 0.1 actually defined?
> Those look like scores from amavisd-new, which has special code to
> turn a clamav spam detection into a SpamAssassin score. (Normally,
> clamav is separate from SA; any detection results in a reject.)
You can search for @virus_name_to_spam_score_maps in the amavisd-new
configuration file and look for something like the following below
[ qr'^INetMsg\.SpamDomain-2w\.' => 0.1 ]
I guess this is exactly what you have been looking for and you can
modify this value as per your requirement.
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net