Need help with rule set

Mark Nienberg lists at tippingmar.com
Wed Jul 29 20:20:44 IST 2009


Jules Field wrote:
>
> someone send me the URL of a test message that is caught by ClamAV by 
> the Sanesecurity phishing signatures? I trap such stuff at SMTP time 
> myself so haven't got any examples :-(
All of the reports I have seen lately end with UNOFFICIAL, but I don't 
know if that is true for all third-party sigs.

Examples:

Quarantine: /var/spool/MailScanner/quarantine/20090720/n6K9ZvOq021661
    Report: Clamd:  message was infected: Sanesecurity.Casino.7437.UNOFFICIAL 
            Clamd:  message was infected: Sanesecurity.Casino.7437.UNOFFICIAL 


Quarantine: /var/spool/MailScanner/quarantine/20090723/n6O2KqRn008489
    Report: Clamd:  message was infected: Sanesecurity.Phishing.Cur.11209.UNOFFICIAL 


Quarantine: /var/spool/MailScanner/quarantine/20090723/n6N7Mk3u014616
    Report: Clamd:  message was infected: Sanesecurity.Junk.13947.UNOFFICIAL 


And even this, which is not SaneSecurity:

Quarantine: /var/spool/MailScanner/quarantine/20090727/n6R8lBgY028622
    Report: Clamd:  message was infected: MSRBL-SPAM.Meds.2802.UNOFFICIAL 



Mark Nienberg
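
An added example, not part of the original post: one way to pull the Clamd signature names out of MailScanner quarantine reports like the ones quoted above and split each into source, category and the UNOFFICIAL marker. The function names are hypothetical; the sample input is the report text from this message.

```python
import re
from collections import Counter

# Report lines copied from the quarantine examples in the post above.
SAMPLE_REPORT = """\
Quarantine: /var/spool/MailScanner/quarantine/20090720/n6K9ZvOq021661
    Report: Clamd:  message was infected: Sanesecurity.Casino.7437.UNOFFICIAL
            Clamd:  message was infected: Sanesecurity.Casino.7437.UNOFFICIAL
Quarantine: /var/spool/MailScanner/quarantine/20090723/n6O2KqRn008489
    Report: Clamd:  message was infected: Sanesecurity.Phishing.Cur.11209.UNOFFICIAL
Quarantine: /var/spool/MailScanner/quarantine/20090723/n6N7Mk3u014616
    Report: Clamd:  message was infected: Sanesecurity.Junk.13947.UNOFFICIAL
Quarantine: /var/spool/MailScanner/quarantine/20090727/n6R8lBgY028622
    Report: Clamd:  message was infected: MSRBL-SPAM.Meds.2802.UNOFFICIAL
"""

QUARANTINE_RE = re.compile(r"^Quarantine:\s*(\S+)")
INFECTED_RE = re.compile(r"Clamd:\s+message was infected:\s*(\S+)")

def split_signature(name):
    """Split a signature name into (source, category, unofficial)."""
    parts = name.split(".")
    unofficial = parts[-1] == "UNOFFICIAL"
    if unofficial:
        parts = parts[:-1]
    if len(parts) > 1 and parts[-1].isdigit():  # drop the trailing numeric id
        parts = parts[:-1]
    return parts[0], ".".join(parts[1:]), unofficial

def parse_report(text):
    """Map each quarantine path to its set of signatures (repeated lines collapse)."""
    hits, current = {}, None
    for line in text.splitlines():
        m = QUARANTINE_RE.match(line)
        if m:
            current = m.group(1)
            hits.setdefault(current, set())
            continue
        m = INFECTED_RE.search(line)
        if m and current is not None:
            hits[current].add(m.group(1))
    return hits

def summarise(text):
    """Count quarantined messages per (source, category, unofficial) tuple."""
    counts = Counter()
    for sigs in parse_report(text).values():
        for sig in sigs:
            counts[split_signature(sig)] += 1
    return counts
```

Calling `summarise(SAMPLE_REPORT)` gives one count per distinct detection, which is enough to drive a per-source or per-category decision on the signature name.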

