Hi there,

On Mon, 22 Oct 2018, Dennis Peterson wrote:
> On 10/21/18 6:09 AM, Darius Baumann wrote:
>> I want to submit the following fraud domain for flagging in ClamAV -
>> "servicemarket.su":
>
> If you have no reason for accepting mail from the .su top level domain then just
> block that and be done with it. Sometimes it's reasonable to take a broad brush
> response to these problematic domains.

Quite so.  Countries too.  Here's our current country blacklist:

mail6:# >>> cat /etc/mail/eXtensibleMilter/country_blacklist
# This file populates a Perl hash of (country_code => value) pairs.
# The country code is the ISO-3166 two-letter country code, see
# for example https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.
# The value should be a single digit:
# 2 - Reject all mail from this country code at the connect callback
#     if the ASN is not whitelisted.
# 1 - Reject if not whitelisted elsewhere (which means message
#     processing must continue beyond the connect callback).
AE => 2, AF => 2, AL => 2, AM => 2, AO => 2, AR => 2, AT => 1,
AU => 1, AZ => 2, BA => 1, BD => 2, BE => 1, BG => 2, BH => 1,
BI => 2, BJ => 1, BO => 2, BR => 2, BS => 2, BW => 1, BY => 2,
BZ => 2, CG => 2, CI => 2, CL => 2, CM => 1, CN => 2, CO => 2,
CR => 2, CV => 1, CZ => 2, DK => 1, DO => 2, DZ => 2, EC => 2,
EE => 1, EG => 2, ES => 1, ET => 1, FJ => 2, FK => 2, FM => 2,
FO => 2, GA => 2, GE => 1, GH => 2, GR => 2, GT => 2, HK => 1,
HN => 2, HR => 1, HT => 1, HR => 2, HU => 1, ID => 2, IL => 1,
IN => 2, IQ => 2, IR => 2, IS => 1, IT => 1, JM => 2, JO => 2,
JP => 2, KE => 2, KG => 2, KH => 2, KN => 2, KR => 2, KW => 2,
KZ => 2, LA => 1, LB => 2, LK => 1, LS => 2, LT => 2, LU => 2,
LV => 2, LY => 2, MA => 1, MD => 1, ME => 2, MK => 2, ML => 1,
MM => 2, MN => 2, MQ => 1, MR => 1, MU => 1, MV => 1, MX => 2,
MY => 2, MZ => 2, NG => 2, NI => 2, NO => 1, NP => 2, PA => 2,
PE => 2, PH => 2, PK => 2, PL => 2, PR => 1, PS => 1, PY => 2,
QA => 1, RO => 2, RS => 2, RU => 2, RW => 2, SA => 2, SC => 2,
SD => 1, SE => 1, SG => 2, SI => 1, SK => 2, SL => 1, SN => 2,
SV => 2, SY => 2, TG => 1, TH => 2, TJ => 1, TL => 1, TM => 1,
TN => 1, TR => 2, TT => 2, TW => 2, TZ => 2, UA => 2, UG => 2,
UY => 2, UZ => 2, VE => 2, VN => 2, ZA => 2, ZM => 1, ZW => 2,

Perhaps the OP should be talking to Steve @ Sanesecurity.

--

73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
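
An added example, not part of the message above and not the milter's own code: a Python lint for the country_blacklist format shown in the listing. It flags country codes that appear more than once (HR is listed twice there, with values 1 and 2) and applies the two levels as the file's comments describe them. The function names, the "defer"/"continue" labels, the last-value-wins rule (ordinary Perl hash assignment) and the outcome for a level-2 code whose ASN is whitelisted are assumptions.

```python
import re
from collections import defaultdict

PAIR = re.compile(r"\b([A-Z]{2})\s*=>\s*(\d+)")

# Two rows copied from the listing above, plus one constructed comment line.
SAMPLE = """\
# constructed comment line
HN => 2, HR => 1, HT => 1, HR => 2, HU => 1, ID => 2, IL => 1,
IN => 2, IQ => 2, IR => 2, IS => 1, IT => 1, JM => 2, JO => 2,
"""

def parse(text):
    """Return (table, problems). Assumes later pairs overwrite earlier ones."""
    seen = defaultdict(list)
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0]          # drop comments
        for cc, val in PAIR.findall(body):
            if val not in ("1", "2"):
                problems.append(f"line {lineno}: {cc} has unsupported value {val}")
            seen[cc].append(int(val))
    for cc, vals in seen.items():
        if len(vals) > 1:
            kind = "conflicting" if len(set(vals)) > 1 else "repeated"
            problems.append(f"{cc} {kind}: values {vals}, last one wins")
    return {cc: vals[-1] for cc, vals in seen.items()}, problems

def connect_action(table, cc, asn_whitelisted):
    """Decision at the connect callback, following the file's comments."""
    level = table.get(cc)
    if level == 2 and not asn_whitelisted:
        return "reject"
    if level == 1:
        return "defer"     # keep processing; reject later unless whitelisted elsewhere
    return "continue"      # unlisted code, or level 2 with a whitelisted ASN (assumed)

if __name__ == "__main__":
    table, problems = parse(SAMPLE)
    print("\n".join(problems) or "no problems")
    print("HR at connect:", connect_action(table, "HR", asn_whitelisted=False))
```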

