Need help with rule set
Mark Nienberg
lists at tippingmar.com
Wed Jul 29 20:20:44 IST 2009
Jules Field wrote:
>
> someone send me the URL of a test message that is caught by ClamAV by
> the Sanesecurity phishing signatures? I trap such stuff at SMTP time
> myself so haven't got any examples :-(
All of the reports I have seen lately end with UNOFFICIAL, but I don't
know it that is true for all third-party sigs.
Examples:
Quarantine: /var/spool/MailScanner/quarantine/20090720/n6K9ZvOq021661
Report: Clamd: message was infected: Sanesecurity.Casino.7437.UNOFFICIAL
Clamd: message was infected: Sanesecurity.Casino.7437.UNOFFICIAL
Quarantine: /var/spool/MailScanner/quarantine/20090723/n6O2KqRn008489
Report: Clamd: message was infected: Sanesecurity.Phishing.Cur.11209.UNOFFICIAL
Quarantine: /var/spool/MailScanner/quarantine/20090723/n6N7Mk3u014616
Report: Clamd: message was infected: Sanesecurity.Junk.13947.UNOFFICIAL
And even this, which is not SaneSecurity:
Quarantine: /var/spool/MailScanner/quarantine/20090727/n6R8lBgY028622
Report: Clamd: message was infected: MSRBL-SPAM.Meds.2802.UNOFFICIAL
Mark Nienberg
More information about the MailScanner
mailing list