Re: [clamav-users] MailFollowUrl alternative?
Hi there, On Sun, 2 Apr 2017, Matus UHLAR wrote: On 31.03.17 19:51, Steve Basford wrote: It did a curl on any urls found in the body ... among other, it provided spammers evidence their mail was read. Yes, almost the last thing you want to do is give some scrote feedback that he has a genuine address that might even accept mail if he keeps trying for long enough. I say 'almost' because apart from verifying for some criminal that he has a genuine address to sell, scanning URLs in mail is rather begging to participate in a DOS attack on some innocent bystander - presumably you don't want to do that. If you intend to follow URLs to the ends of the Earth, try to be intelligent about it and be prepared to invest considerable resources into the activity. There are much, much better ways of dealing with dodgy messages with unknown URLs in them. For example most of them come from the country codes we blacklist, so they're very easy to spot. Here's the list at the moment, suggestions for new candidates are welcome: AE AL AM AO AP AR AT AU AZ BA BD BE BG BH BJ BO BR BW BY CI CL CM CN CO CR CV CZ DK DO DZ EC EE EG ES ET FI GA GE GH GR GT HN HR HT HU ID IL IN IQ IR IS IT JM JO JP KE KG KH KR KW KZ LA LB LK LT LV LY MA MD ME MK ML MN MQ MR MU MV MX MY MZ NG NO PA PE PH PK PL PR PS QA RO RS RU RW SA SC SD SE SG SK SN SV TG TH TJ TL TN TR TT TW TZ UA UY VE VN ZA ZM Anything in that list automatically gets the '550' treament until the sender can persuade us to whitelist him. At the moment we're seeing of the order of ten thousand attempts per month to send us suspicious messages. This is down by a factor of about fifteen since we moved to an IPv6-only primary mail exchanger last November. In 2017 we've averaged accepting about three of them. Really irritating. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] MailFollowUrl alternative?
On 31 March 2017 19:14:36 Steven Morgan wrote: It is not clear what MailFollowURL did. Have a look at docs/phishsigs_howto.pdf for a description of how to scan for URLs. This may have subsumed MailFollowURL. On 31.03.17 19:51, Steve Basford wrote: It did a curl on any urls found in the body and fetched the content... before scanning the content... bit of a summary here... https://lists.gt.net/clamav/users/22230 among other, it provided spammers evidence their mail was read. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "To Boot or not to Boot, that's the question." [WD1270 Caviar] ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] MailFollowUrl alternative?
Some ramsomware send an email with a link to download one zip with a excel or word docunent with a macro. This macro download another code and crypt files on pc. I need to scan all possible downloaded file for my custommers... The macro signature is present in clamav unofficial signatures, but i need clamav download and scan all url in email phishsigs is not for me, i need MailFollowURL Thanks Il 31 Mar 2017 8:14 PM, Steven Morgan ha scritto: Mauro, It is not clear what MailFollowURL did. Have a look at docs/phishsigs_howto.pdf for a description of how to scan for URLs. This may have subsumed MailFollowURL. Steve On Fri, Mar 31, 2017 at 12:34 PM, Mauro Celli wrote: > Hi, > i need to scan link in email, in the past i use MailFollowUrl but now is > deprecated, > There are an alternative to make this test? > Thanks > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] MailFollowUrl alternative?
On 31 March 2017 19:14:36 Steven Morgan wrote: Mauro, It is not clear what MailFollowURL did. Have a look at docs/phishsigs_howto.pdf for a description of how to scan for URLs. This may have subsumed MailFollowURL. It did a curl on any urls found in the body and fetched the content... before scanning the content... bit of a summary here... https://lists.gt.net/clamav/users/22230 Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] MailFollowUrl alternative?
Mauro, It is not clear what MailFollowURL did. Have a look at docs/phishsigs_howto.pdf for a description of how to scan for URLs. This may have subsumed MailFollowURL. Steve On Fri, Mar 31, 2017 at 12:34 PM, Mauro Celli wrote: > Hi, > i need to scan link in email, in the past i use MailFollowUrl but now is > deprecated, > There are an alternative to make this test? > Thanks > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] MailFollowUrl alternative?
Hi, i need to scan link in email, in the past i use MailFollowUrl but now is deprecated, There are an alternative to make this test? Thanks ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
