Difference between revisions of "ClamAV"

From Halon, SMTP software for hosting providers
Jump to: navigation, search
(Usage)
(Skip certain signaturs)
Line 9: Line 9:
 
</hsl>
 
</hsl>
  
=== Skip certain signaturs ===
+
=== Skip certain signatures ===
  
 
This example filter various heuristics detection from the ClamAV antivirus engine, which may be useful if these apply to you on regular basis preventing unwanted false-positives.
 
This example filter various heuristics detection from the ClamAV antivirus engine, which may be useful if these apply to you on regular basis preventing unwanted false-positives.

Revision as of 12:16, 12 October 2016

The open-source anti-virus engine ClamAV is included in the Halon platform. It allow you to get a second opinion to the commercial anti-virus that's also included.

Usage

ClamAV can be used with the HSL function; ScanCLAM in the DATA flow. It is also available in the graphical "Anti-virus" flow chart block.

if (ScanCLAM())
    
Reject("ClamAV thinks your message contains a virus"); 

Skip certain signatures

This example filter various heuristics detection from the ClamAV antivirus engine, which may be useful if these apply to you on regular basis preventing unwanted false-positives.

// ClamAV check
function ScanCLAM()
{
    
$skip = ["Xls.Exploit.EmbeddedFlash-1"];
    
$clam = [];
    foreach (
builtin ScanCLAM() as $v)
       if (!
in_array($v$skip))
           
$clam[] = $v;
    return 
$clam;