PPPPPPPPPPPPPOOOOOOOOOOOOOONNNNNNNNNNNNNNNNNGGGGGGGGGGGGGGG!!!!!!!!!!!!!!!!!!!!!!!!!
John T eServices For You
"Seek, and ye shall find!"
-----Original Message-----
Was it something I said ? :) PING
David B
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Posting Again
Hi John,
I apologize for not responding sooner but I have been very busy. I am also cross posting to the Virus list where this should really be discussed. Sorry for the delay in responding but I guess better late than never :)
My notes on what I did are very rough but there should be enough information for you to follow through my steps. I would also like to thank Scott Fisher for pointing all this out and also for the commands in the attached file (rename it to .cmd).
Went to http://www.sosdg.org/clamav-win32/ to download Version 0.88-2
Downloaded from MajorGeeks.com - had to turn off Anti-Spyware and Gateway Antivirus on Sonicwall to get the download to finish.
File downloaded is clamav-0.88.2.exe
This will install into the C:\clamav-devel directory
Went to http://www.smartbusiness.net/imail/declude/ to get the runclamd.zip and runclamscan.zip files
Installed CLAMAV
Ran RUNCLAMD to make CLAMAV into a service
Use RUNCLAMSCAN to run virus scans out of declude
# Running against CLAM Daemon
SCANFILE3 C:\clamav-devel\runclamd\runclamscan.exe log=2 C:\clamav-devel\bin\clamdscan.exe --quiet --mbox -l report.txt
VIRUSCODE3 1
REPORT3 FOUND
Use my Get-Clam-Phish.cmd on a schedule to download SANE Security Phishing DB and CLAM signatures
Goran Jovanovic Omega Network Solutions
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Doyle
Goran
Can you give me some information on installing the sane security phishing filters with CLAM? I found and went to the sane web site, and can see how to download, but I’m not sure how clamwin is set up to use the file.
Any help would be appreciated.
Thanks
John
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Richard,
I implemented CLAM AV with the Sane Security phishing filters. This is from the thread that Andrew included. I run F-Prot then McAfee then CLAM AV with the ExitOnFirstDetect (or whatever that directive is). Clam is the scanner that catches pretty much all phishing attempts. The other two don’t do much in that department.
Goran Jovanovic Omega Network Solutions
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Richard, you might want to check this thread from the archives. Goran can clarify, but I'm pretty sure that this is the source of the "Sane Security" detection string.
For what it's worth, Message Sniffer catches the email message body you supplied with the MALWARE category.
The hosting provider, 0catch.com are not bad guys but their express hosting model makes them a frequently used hoster of malware and pharmacy sales/scams.
The link was still active, so I downloaded and ran it through various antivirus engines out of curiosity. Trend Micro didn't detect it, but F-Prot, McAfee and CLAM-AV all did.
Here are the results from VirusTotal.com :
Results of a file scan
This is a report processed by VirusTotal on 04/06/2006 at 19:19:19 (CET) after scanning the file "postcard.gif.exe" file.
Andrew 8)