Sanesecurity and SA
Phil Daws
uxbod at splatnix.net
Tue Dec 8 22:25:10 CET 2015
Hello,
does anybody have a work ruleset for SA and Sanesecurity clam signatures. For some weird reason these are not working :(
################################################################################
# SaneSecurity & MSRBL Signatures
################################################################################
header CLAM_SS_AUCTION X-Amavis-AV-Status =~ /Sanesecurity\.Auction/
header CLAM_SS_BLURL X-Amavis-AV-Status =~ /Sanesecurity\.Blurl/
header CLAM_SS_CASINO X-Amavis-AV-Status =~ /Sanesecurity\.Casino/
header CLAM_SS_CRED X-Amavis-AV-Status =~ /Sanesecurity\.Cred/
header CLAM_SS_DIPL X-Amavis-AV-Status =~ /Sanesecurity\.Dipl/
header CLAM_SS_DOC X-Amavis-AV-Status =~ /Sanesecurity\.Doc/
header CLAM_SS_HDR X-Amavis-AV-Status =~ /Sanesecurity\.Hdr/
header CLAM_SS_IMG X-Amavis-AV-Status =~ /Sanesecurity\.Img/
header CLAM_SS_JOB X-Amavis-AV-Status =~ /Sanesecurity\.Job/
header CLAM_SS_JUNK X-Amavis-AV-Status =~ /Sanesecurity\.Junk/
header CLAM_SS_JURLBL X-Amavis-AV-Status =~ /Sanesecurity\.Jurlbl/
header CLAM_SS_LOAN X-Amavis-AV-Status =~ /Sanesecurity\.Loan/
header CLAM_SS_MALWARE X-Amavis-AV-Status =~ /Sanesecurity\.Malware/
header CLAM_SS_PHISHING X-Amavis-AV-Status =~ /Sanesecurity\.Phishing/
header CLAM_SS_PORN X-Amavis-AV-Status =~ /Sanesecurity\.Porn/
header CLAM_SS_ROGUE X-Amavis-AV-Status =~ /Sanesecurity\.Rogue/
header CLAM_SS_ROGUE X-Amavis-AV-Status =~ /Sanesecurity\.Trojan/
header CLAM_SS_SCAM X-Amavis-AV-Status =~ /Sanesecurity\.Scam/
header CLAM_SS_SPAM X-Amavis-AV-Status =~ /Sanesecurity\.Spam/
header CLAM_SS_SPEAR X-Amavis-AV-Status =~ /Sanesecurity\.Spear/
header CLAM_SS_STK X-Amavis-AV-Status =~ /Sanesecurity\.Stk/
header CLAM_SS_TEST X-Amavis-AV-Status =~ /Sanesecurity\.TestSig/
header CLAM_SS X-Amavis-AV-Status =~ /Sanesecurity/
header CLAM_MSRBL X-Amavis-AV-Status =~ /MSRBL/
header CLAM_MBL X-Amavis-AV-Status =~ /MBL/
header CLAM_SECURITEINFO X-Amavis-AV-Status =~ /SecuriteInfo/
header CLAM_WINNOW X-Amavis-AV-Status =~ /winnow/
header CLAM_INETMSG X-Amavis-AV-Status =~ /INetMsg/
header CLAM_SAFEBROWSING X-Amavis-AV-Status =~ /Safebrowsing/
header CLAM_SCAMNAILER X-Amavis-AV-Status =~ /ScamNailer/
header CLAM_OTHERS X-Amavis-AV-Status =~ /Email|HTML|JS.Redirect/
header CLAM_DOPPELSTERN X-Amavis-AV-Status =~ /Doppelstern/
header CLAM_CRDF_BACKDOOR X-Amavis-AV-Status =~ /CRDF.Backdoor/
header CLAM_CRDF_TROJAN X-Amavis-AV-Status =~ /CRDF.Gen.Trojan|CRDF.Trojan/
Thanks, Phil
More information about the amavis-users
mailing list