Grreting card scams
UxBoD
uxbod at splatnix.net
Fri Jul 27 17:53:26 IST 2007
Your the man :D
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
----- Original Message -----
From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: 27 July 2007 15:42:08 o'clock (GMT) Europe/London
Subject: Re: Grreting card scams
Richard Frovarp wrote:
> Matt Kettler wrote:
>> Glenn Steen wrote:
>>
>>> On 27/07/07, Matt Kettler <mkettler at evi-inc.com> wrote:
>>>
>>>> Rick Cooper wrote:
>>>>
>>>> Given that running clamscan on the email file outside of MailScanner
>>>> detects it
>>>> as a virus, I've already conclusively proven clamav has the signature
>>>> and it
>>>> works properly.
>>>>
>>>> One observation, though, the specific test messages I used detected as
>>>> 1221 not
>>>> 1222, but they're all related.
>>>>
>>>> ecardspam1.eml: Email.Phishing.RB-1221 FOUND
>>>> ecardspam2.eml: Email.Phishing.RB-1221 FOUND
>>>> ecardspam3.eml: Email.Phishing.RB-1221 FOUND
>>>>
>>>> However, if you insist:
>>>> # sigtool --list-sigs|grep Email.Phishing.RB-1222
>>>> Email.Phishing.RB-1222
>>>>
>>>> Yes, it's there. Yes, clamscan can use it, and clamscan properly
>>>> detects the
>>>> messages as viruses when executed manually. No, clamav via MailScanner
>>>> cannot
>>>> detect it.
>>>>
>>>>
>>> Could this perhaps have anything to do with how clam gets fed the
>>> message in MailScanner....? If I'm not completely senile (always a
>>> possibility:-), MS doesn't feed it the complete message, hence some
>>> newstyle sigs will never (be able to) trigger.
>>>
>>
>> That goes back to my original statement that I felt that the
>> difference had to
>> do with the fact that my MailScanner isn't up-to-date.
>>
>> I'm quite convinced that this is a MailScanner interfacing issue, as
>> it is quite
>> clear clamav is working properly outside MS.
>>
>> (Note: Personally I don't have a problem with this "issue", I was
>> merely joining
>> in and commenting on it hoping my observations could help others who
>> do have
>> problems with it.)
>>
>>
>>
>>
> I don't have that one tripping either. I figure it is due to the fact
> that I stop a lot at the MTA and delete high scoring spam so they
> never even reach clam.
I have now written support for passing entire messages to the ClamAV
scanners. There is a new setting called "Reliably Detect Spam With
ClamAV" which is "no" by default as it has a speed impact. It has no
effect when the ClamAV scanners are not being used.
I'll release a new beta shortly.
Jules
--
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list