3rd party clamav sigs

Ken A ka at pacific.net
Fri Dec 21 22:53:19 GMT 2007

I had a corrupt clamav sig cause mail to stop flowing early this am. I
had about 30k emails in queues to catch up on. Thankfully, once
MailScanner started going through them, it only took a couple hours to
catch up!

The problem was traced to a shell script 'scamp.sh' from the
sanesecurity site that downloads the sigs and unpacks them. Somehow it
was corrupting them one of them. Downloading and unpacking manually
worked fine. :-\

In any case, I visited the sanesecurity site and there's a new version
of the script - updated this month. So, in testing it, I'm seeing it
grabbing sigs from a few other sites.

Sanesecurity and MSRBL have been good in the past, but I'm not sure
about the others. Any opinions or experiences with these sources below?


# Files updated:
# honeynet.hdb.gz       (securiteinfo.com)
# mbl.db                (Malware.com.br)
# MSRBL-Images.hdb      (MSRBL.com)
# MSRBL-SPAM.ndb        (MSRBL.com)
# MSRBL-SPAM-CR.ndb     (MSRBL.com)
# phish.ndb.gz          (sanesecurity.com)
# scam.ndb.gz           (sanesecurity.com)
# securiteinfo.hdb.gz   (securiteinfo.com)
# vx.hdb.gz             (securiteinfo.com)

Ken Anderson

More information about the MailScanner mailing list