I use the official clamav databases plus third party signatures from
sanesecurity to scan email for virus - when an email would potentially
hit two signatures, it seems to prefer the third party over the
official clamav sigs. Is this intentional or am I missing something?
A recent example is
On 2009-10-22 10:25, Per Jessen wrote:
I use the official clamav databases plus third party signatures from
sanesecurity to scan email for virus - when an email would potentially
hit two signatures, it seems to prefer the third party over the
official clamav sigs. Is this intentional or am I
Hope I haven't missed this one being discussed... but ...
APER is a project hosted at Google Code (Anti-Phishing Email Reply)
that tracks From, Reply-to, and Body URLs that match known phishing
attacks. There are a few examples for how to use it ... but I was
wondering:
Has anyone turned this
Hope I haven't missed this one being discussed... but ...
Has anyone turned this into a regularly updated set of ClamAV signatures?
Hi,
Firstly, spear.ndb is generated from the APER feed and has been for a while now:
http://sanesecurity.co.uk/databases.htm
Secondly, I've two more databases
At 7:02 AM -0700 10/22/09, John Rudd wrote:
Hope I haven't missed this one being discussed... but ...
APER is a project hosted at Google Code (Anti-Phishing Email Reply)
that tracks From, Reply-to, and Body URLs that match known phishing
attacks. There are a few examples for how to use it ...
Check out Julian Field's ScamNailer:
http://www.scamnailer.info/
18/10/2009 - New scamnailer.ndb ClamAV signature database is now
available from http://www.mailscanner.eu/scamnailer.ndb. This is updated
very frequently. Do not download it more than once per hour!
Cheers,
Phil
--
Phil Randal |
Check out Julian Field's ScamNailer:
http://www.scamnailer.info/
18/10/2009 - New scamnailer.ndb ClamAV signature database is now
available from http://www.mailscanner.eu/scamnailer.ndb. This is updated
very frequently. Do not download it more than once per hour!
Cheers,
Phil
While I have a
I have to ask however. You mentioned it contains phish urls as well.
I have not been able to find that. However, we track phish
urls/domains in winnow_phish_complete.ndb
Tom
When you download their distribution, you get 4 files:
phishing_cleared_addresses
phishing_from_addresses
phishing_links
Firstly, spear.ndb is generated from the APER feed and has been for a while now:
http://sanesecurity.co.uk/databases.htm
I didn't realize spear.ndb includes APER. That's great news (as we
already use spear.ndb) ... looks like implementing APER is pretty
straightforward (and low effort) for me :-)
Check out Julian Field's ScamNailer:
http://www.scamnailer.info/
18/10/2009 - New scamnailer.ndb ClamAV signature database is now
available from http://www.mailscanner.eu/scamnailer.ndb. This is updated
very frequently. Do not download it more than once per hour!
Ok, that's the database
I thought I'd gotten a handle on this, but it seems to be a moving target:
I'm running ClamAV 0.95.2/9926/Thu Oct 22 05:10:50 2009
In /etc/clamd.conf I have the following line:
ExcludePath ^/data/fxa/
When I type:
[r...@am2-nhdr fxa]# clamdscan /data/fxa/temp.txt
I get:
/data/fxa/temp.txt:
Sorry if this is OT for clamav-users, but maybe someone will consider
this useful.
I wrote a simple GPLv2 clamdscan frontend (in C, for Linux) that can be
mail piped from an external MTA or MUA to create a very fast and efficient
mail virus filtering solution.
It's a fast, simple and sysadmin
Ignore, after further exploration I realized that the ExcludePath still goes
through the files, it just doesn't actually scan them.
Scott Mohnkern
On Thu, Oct 22, 2009 at 1:28 PM, Scott Mohnkern mohnk...@gmail.com wrote:
I thought I'd gotten a handle on this, but it seems to be a moving
But it's definitely not working in .95.2
What I have in /etc/clamd.conf:
ExcludePath ^/fs/shared/
when I run clamdscan / it still scans the directory.
Scott Mohnkern