How to quarantine only Phishing stuff from Clam?
Jeff A. Earickson
jaearick at COLBY.EDU
Thu Mar 10 15:03:20 GMT 2005
Julian,
My daily report of who is sending viruses from our own domain has
been showing Phishing stuff caught by ClamAV, coming from my own
webmail server.
A sample of what gets emailed to me via "Notices to", and then boiled
down by a perl script:
j29LMw3X004268: 137.146.210.58 (username)
ClamAV Module: msg-21083-102.txt was infected: HTML.Phishing.Bank-111
I want to investigate, ie quarantine the offending messages. But I
don't want to quarantine tons of crap. I have
Quarantine Infections = yes
Quarantine Silent Viruses = no
and I want to set up a ruleset specifying silent viruses. Would this
be right?
%localrules-dir% = /etc/MailScanner/rules
Silent Viruses = %localrules-dir%/silent-viruses.rules
where the silent-viruses.rules looks like:
Virus: All-Viruses yes
Virus: HTML-IFrame yes
Virus: Phishing.Bank no
Do I need to specify a default here?
Jeff Earickson
Colby College
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list