Can anyone give me an idea on where I have gone wrong with the below:
In the header of the message, if my unpack process finds an exe in a zip, it marks the header up with a "SV-Unwanted" line.
My external SpamAssassin marks up with "X-Spam-Status: Yes" if it has spam.
I am using the ME Internal CriteriaMet for ClamAV to detect the virus.
My logic is that if it has "an exe in zip" (HASVIRUS) or if SA has marked it up (HASSPAM) and NOT have ClamAV detect then Filter is triggered...
I am checking my filter logs and this is just being ignored. Maybe it is my syntax. Maybe it is my logic.
I am doing this so I can have messages that aren't being detected by ClamAV but have spam or a nasty zip sent to myself. Once I get past this I will have a smaller subset of messages that I can submit to Sanesecurity for samples that have not been detected.
I didn't find the right solution from the internet.