RE: [Declude.Virus] ClamAV sanesecurity definitions
Andrew: After the post I did the same and it is working great. I have done as Scott has stated. I review all the messages and none of our Declude filters are being triggered anymore. All the phishing attempts used to get caught by our filters.. with ClamAV and the phish.ndb all are being caught. One issue we have is the identification.. this is what a typical message looks like. = Declude Virus [Ver: 4.0.9] caught: -Virus: Unknown Virus-In: Unknown File-From: * DELETED -To: * DELETED -Direction: incoming -Date: 02 Mar 2006 12:33:16-Subject: Account review-Spool File: D2c44018bdb48.smd-Remote IP: 193.254.190.119= Extremely nice test and many thanks for posting it. Regards, - Kami
RE: [Declude.Virus] ClamAV sanesecurity definitions
Scott, Are you running ClamAV with the SaneSecurity antiphishing signatures as an external spam test in Declude Pro, or as an antivirus engine in Declude Virus Pro? Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Wednesday, March 01, 2006 12:06 PMTo: Declude.Virus@declude.comSubject: [Declude.Virus] ClamAV sanesecurity definitions As a followupon last week's discussions on the SaneSecurity phish definitions for ClamAv. ClamAv (without SaneSecurity) caught 273 phish for me in February (all 28 days). SaneSecurity definitions caught 178 phish for me in the last 8 days of February. McAfee caught 118 and none after I installed the SaneSecurity definitions. SaneSecurity has done a wonderful job here. Thanks again Bill! -Scott FisherDirector of ITFarm Progress Companies191 S Gary AveCarol Stream, IL 60188630-462-2323 This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although Farm Progress Companies has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments.
Re: [Declude.Virus] ClamAV sanesecurity definitions
I running clamav as one of my scanners. The SaneSecurity is an additional defintion database named phish.ndb. I put the phish.ndb into my c:\clamav-devel\share\clamav folder and it does all of the rest. - Original Message - From: Colbeck, Andrew To: Declude.Virus@declude.com Sent: Wednesday, March 01, 2006 2:15 PM Subject: RE: [Declude.Virus] ClamAV sanesecurity definitions Scott, Are you running ClamAV with the SaneSecurity antiphishing signatures as an external spam test in Declude Pro, or as an antivirus engine in Declude Virus Pro? Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Wednesday, March 01, 2006 12:06 PMTo: Declude.Virus@declude.comSubject: [Declude.Virus] ClamAV sanesecurity definitions As a followupon last week's discussions on the SaneSecurity phish definitions for ClamAv. ClamAv (without SaneSecurity) caught 273 phish for me in February (all 28 days). SaneSecurity definitions caught 178 phish for me in the last 8 days of February. McAfee caught 118 and none after I installed the SaneSecurity definitions. SaneSecurity has done a wonderful job here. Thanks again Bill! -Scott FisherDirector of ITFarm Progress Companies191 S Gary AveCarol Stream, IL 60188630-462-2323 This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although Farm Progress Companies has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments.
Re: [Declude.Virus] ClamAV sanesecurity definitions
Personally I haven't seen any false positives. I spot checked a few messages, and they were phish. All of the subject lines are definitely phishy. I whitelisted the Declude support lists, so I don't have any concerns about blocking the support lists. What I also liked was that it only took about 15 minutes to get it working with a scheduled task to update itself. - Original Message - From: Colbeck, Andrew To: Declude.Virus@declude.com Sent: Wednesday, March 01, 2006 2:46 PM Subject: RE: [Declude.Virus] ClamAV sanesecurity definitions Thanks, Scott. I appreciate your posts on this topic. I have been following the hows and whys of using the phish.ndb and getting updates for it. I was thinking that for my own usage, I'd rather worry about false positives and run it as a Declude JunkMail antispam external test. It is certainly working for you to catch scams, but have you checked for false positives? I was thinking that in particular,I mightmiss posts to the support lists regarding Declude text filters to fight 419 scams, and more generally, my users might be affected. I am looking forward to implementing this when I have more time to spare in the office. (At my current rate, probably in April. Seriously.) Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Wednesday, March 01, 2006 12:29 PMTo: Declude.Virus@declude.comSubject: Re: [Declude.Virus] ClamAV sanesecurity definitions I running clamav as one of my scanners. The SaneSecurity is an additional defintion database named phish.ndb. I put the phish.ndb into my c:\clamav-devel\share\clamav folder and it does all of the rest. - Original Message - From: Colbeck, Andrew To: Declude.Virus@declude.com Sent: Wednesday, March 01, 2006 2:15 PM Subject: RE: [Declude.Virus] ClamAV sanesecurity definitions Scott, Are you running ClamAV with the SaneSecurity antiphishing signatures as an external spam test in Declude Pro, or as an antivirus engine in Declude Virus Pro? Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Wednesday, March 01, 2006 12:06 PMTo: Declude.Virus@declude.comSubject: [Declude.Virus] ClamAV sanesecurity definitions As a followupon last week's discussions on the SaneSecurity phish definitions for ClamAv. ClamAv (without SaneSecurity) caught 273 phish for me in February (all 28 days). SaneSecurity definitions caught 178 phish for me in the last 8 days of February. McAfee caught 118 and none after I installed the SaneSecurity definitions. SaneSecurity has done a wonderful job here. Thanks again Bill! -Scott FisherDirector of ITFarm Progress Companies191 S Gary AveCarol Stream, IL 60188630-462-2323 This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although Farm Progress Companies has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments.