Hi! I set up a "perfect Ubuntu server with nginx". After getting a lot of spam I tried to tune the clamav detection. I loaded the newest unofficial signatures by sanesecurity.com . They where all placed in /var/lib/clamav. I then tuned the user config in /etc/amavis/conf.d/50-user of clamav by adding: $bypass_decode_parts = 1; and also I tried to add: @keep_decoded_original_maps = (new_RE( qr’^MAIL$’, # retain full original message for virus checking qr’^MAIL-UNDECIPHERABLE$’, # recheck full mail if it contains undecipherables qr’^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)’i, )); Then I tried to test the new signatures: sanesecurity.com/support/signature-testing/ But this does not work, emails still come to inbox and also mail log shows a amavis entry which tells the mails is "clean". I tried to restart server/services too a lot of times, and the eicar test file amavis detects, so normal signatures work... I also tried adding this to /etc/amavis/conf.d/50-user @virus_name_to_spam_score_maps = (new_RE( # the order matters! [ qr'^Structured\.(SSN|CreditCardNumber)\b' => 0.1 ], [ qr'^(Heuristics\.)?Phishing\.' => 0.1 ], [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)' => 0.1 ], [ qr'^Sanesecurity\.(Malware|Badmacro|Foxhole|Rogue|Trojan)\.' => undef ],# keep as infected [ qr'^Sanesecurity\.' => 0.1 ], [ qr'^Sanesecurity.TestSig_' => 0 ], [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.' => 0 ], [ qr'^BofhlandMW\.' => undef ],# keep as infected [ qr'^Bofhland\.Malware\.' => undef ],# keep as infected [ qr'^Bofhland\.' => 0.1 ], [ qr'^winnow.malware\.' => undef ],# keep as infected [ qr'^winnow\_' => 0.1 ], [ qr'^PhishTank\.Phishing\.' => 0.1 ], [ qr'^Porcupine\.Malware\.' => undef ],# keep as infected [ qr'^Porcupine\.' => 0.1 ], [ qr'^Email\.Spammail\b' => 0.1 ], [ qr'^Safebrowsing\.' => 0.1 ], [ qr'^winnow\.(phish|spam)\.' => 0.1 ], [ qr'^ScamNailer\.' => 0.1 ], )); But no luck yet. Any ideas how to get the signatures working? I get a lot of spam. About 30-50 virus a day..