Sanesecurity and SA

Phil Daws uxbod at splatnix.net
Tue Dec 8 22:25:10 CET 2015 

Hello,

does anybody have a work ruleset for SA and Sanesecurity clam signatures.  For some weird reason these are not working :(

################################################################################
# SaneSecurity & MSRBL Signatures
################################################################################
header CLAM_SS_AUCTION     X-Amavis-AV-Status =~ /Sanesecurity\.Auction/
header CLAM_SS_BLURL       X-Amavis-AV-Status =~ /Sanesecurity\.Blurl/
header CLAM_SS_CASINO      X-Amavis-AV-Status =~ /Sanesecurity\.Casino/
header CLAM_SS_CRED        X-Amavis-AV-Status =~ /Sanesecurity\.Cred/
header CLAM_SS_DIPL        X-Amavis-AV-Status =~ /Sanesecurity\.Dipl/
header CLAM_SS_DOC         X-Amavis-AV-Status =~ /Sanesecurity\.Doc/
header CLAM_SS_HDR         X-Amavis-AV-Status =~ /Sanesecurity\.Hdr/
header CLAM_SS_IMG         X-Amavis-AV-Status =~ /Sanesecurity\.Img/
header CLAM_SS_JOB         X-Amavis-AV-Status =~ /Sanesecurity\.Job/
header CLAM_SS_JUNK        X-Amavis-AV-Status =~ /Sanesecurity\.Junk/
header CLAM_SS_JURLBL      X-Amavis-AV-Status =~ /Sanesecurity\.Jurlbl/
header CLAM_SS_LOAN        X-Amavis-AV-Status =~ /Sanesecurity\.Loan/
header CLAM_SS_MALWARE     X-Amavis-AV-Status =~ /Sanesecurity\.Malware/
header CLAM_SS_PHISHING    X-Amavis-AV-Status =~ /Sanesecurity\.Phishing/
header CLAM_SS_PORN        X-Amavis-AV-Status =~ /Sanesecurity\.Porn/
header CLAM_SS_ROGUE       X-Amavis-AV-Status =~ /Sanesecurity\.Rogue/
header CLAM_SS_ROGUE       X-Amavis-AV-Status =~ /Sanesecurity\.Trojan/
header CLAM_SS_SCAM        X-Amavis-AV-Status =~ /Sanesecurity\.Scam/
header CLAM_SS_SPAM        X-Amavis-AV-Status =~ /Sanesecurity\.Spam/
header CLAM_SS_SPEAR       X-Amavis-AV-Status =~ /Sanesecurity\.Spear/
header CLAM_SS_STK         X-Amavis-AV-Status =~ /Sanesecurity\.Stk/
header CLAM_SS_TEST        X-Amavis-AV-Status =~ /Sanesecurity\.TestSig/
header CLAM_SS             X-Amavis-AV-Status =~ /Sanesecurity/
header CLAM_MSRBL          X-Amavis-AV-Status =~ /MSRBL/
header CLAM_MBL            X-Amavis-AV-Status =~ /MBL/
header CLAM_SECURITEINFO   X-Amavis-AV-Status =~ /SecuriteInfo/
header CLAM_WINNOW         X-Amavis-AV-Status =~ /winnow/
header CLAM_INETMSG        X-Amavis-AV-Status =~ /INetMsg/
header CLAM_SAFEBROWSING   X-Amavis-AV-Status =~ /Safebrowsing/
header CLAM_SCAMNAILER     X-Amavis-AV-Status =~ /ScamNailer/
header CLAM_OTHERS         X-Amavis-AV-Status =~ /Email|HTML|JS.Redirect/
header CLAM_DOPPELSTERN    X-Amavis-AV-Status =~ /Doppelstern/
header CLAM_CRDF_BACKDOOR  X-Amavis-AV-Status =~ /CRDF.Backdoor/
header CLAM_CRDF_TROJAN    X-Amavis-AV-Status =~ /CRDF.Gen.Trojan|CRDF.Trojan/

Thanks, Phil

More information about the amavis-users mailing list