[Rspamd-Users] Subject rewrite on Clamav detection
Gerald Galster
list+rspamd at gcore.biz
Mon Apr 24 14:37:56 UTC 2023
> i get a lot of clamav detection like
>
> Tue Apr 18 17:01:17 2023 -> instream(local): Heuristics.Phishing.Email.SpoofedDomain FOUND
> Tue Apr 18 17:01:28 2023 -> instream(local): Heuristics.Phishing.Email.SpoofedDomain FOUND
> Tue Apr 18 17:01:55 2023 -> instream(local): Heuristics.Phishing.Email.SpoofedDomain FOUND
> Tue Apr 18 17:02:06 2023 -> instream(local): Heuristics.Phishing.Email.SpoofedDomain FOUND
> Tue Apr 18 17:02:28 2023 -> instream(local): Heuristics.Phishing.Email.SpoofedDomain FOUND
>
> Of course, these emails are recognized as spam and end up in the spam folder with the ***SPAM*** subject.
> Is it possible to add the note Phishing.Email.SpoofedDomain?
>
> E.g.: ***SPAM*** [Phishing.Email.SpoofedDomain] the subject of the email ....
>
> How can I do this in rspamd?
https://rspamd.com/doc/modules/force_actions.html
Probably something like that (untested):
rules {
VIRUS {
action = "rewrite subject";
expression = "CLAM_VIRUS";
subject = "***SPAM*** [%s]";
}
}
With expression you can also match other symbols/patterns:
https://rspamd.com/doc/modules/antivirus.html#configuration
Best regards,
Gerald
More information about the Users
mailing list