amavis-user September 2010 archive
Main Archive Page > Month Archives  > amavis-user archives
amavis-user: Re: [AMaViS-user] Heuristics.Structured.CreditCardN

Re: [AMaViS-user] Heuristics.Structured.CreditCardNumber false positives

From: Giampaolo Tomassoni <Giampaolo_at_nospam>
Date: Tue Sep 21 2010 - 14:47:41 GMT
To: <>

> Hi,
> I'm getting lots of false positives with
> "Heuristics.Structured.CreditCardNumber" and amavisd-new is blocking
> lots of mail that shouldn't be blocked.
> Is it possible to disable only the
> Heuristics.Structured.CreditCardNumber check? I tried to google but I
> could not find anything relevant...
> thanks a lot,
> stefano

This is a quite common problem with ClamAV + Amavisd, since I guess the
first recently changed some naming in its virus database *and* the latter
doesn't offer an explicit configuration point for this in its
/etc/amavisd.conf file.

However, you can easily get rid of this by editing the
@virus_name_to_spam_score_maps array in the [/usr]/sbin/amavisd executable.

I've actually changed one of its line this way:

         [ qr'^(Email|Heuristics|HTML)\.Phishing\.(?!.*Sanesecurity)' =>
0.1 ],

(sorry, can't remember the original content, but is wasn't that much
different, I guess).

Basically, this change disables the default amavis 'virus' classification in
case the AV reports a malware name starting with "Email.", "Heuristics." or
"HTML.". Spamassassin will be in charge for assigning enough spam score
points to discard the message, if this is the case. You may eventually want
to increase the spam score I put (0.1), but I don't believe it is relevant
if you're using a recent, full-fledged SA version.



> --
> Stefano Sasso

Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
AMaViS-user mailing list
 Please visit regularly
 For administrativa requests please send email to rainer at openantivirus dot org