>> http://www.sanesecurity.co.uk/databases.htm
> GrayHat, Hi there ! > I've wondered about adding these to my few installs but never had > a situation where I could it run it and monitor it w/o fear of loosing > important mail (no unimportant test domain). What is your FP rate > with this, do you have list of the db's that you find complimentary > but not overlapping w/ ASSP? It *mainly* depends from the signatures you pick from there; some of those may give you quite some false-positives; others won't; in my case, set aside a few sparse cases, I had NO false positives at all; but, again, using extra signatures is like using a given DNS blacklist; before using it in a production environment you'd better test it and btw ASSP (at least the v2) allows you to do so by using some regexp to score the ClamAV results; at any rate, and to stay on the safe side, I'd suggest you to try the following rsync://rsync.sanesecurity.net/sanesecurity/sanesecurity.ftm rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb rsync://rsync.sanesecurity.net/sanesecurity/phish.ndb rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb rsync://rsync.sanesecurity.net/sanesecurity/spear.ndb rsync://rsync.sanesecurity.net/sanesecurity/scamnailer.ndb rsync://rsync.sanesecurity.net/sanesecurity/winnow_malware.hdb by the way, the above is just a suggestion, feel free to add more signatures; just ensure to set up the ASSP regexp so that in case one of the sigs you're testing will have a hit you won't be rejecting the message... at least NOT until you'll be quite confident :) ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
