Need help with rule set

--[ UxBoD ]-- uxbod at splatnix.net
Thu Jul 30 10:29:00 IST 2009 

Jules,

In Amavis you can override what is believed to be a virus or SPAM; like you have already suggested.  Then by modifying salocal.cf you can do :-

################################################################################
# SaneSecurity & MSRBL Signatures
################################################################################
header L_AV_Phish       X-Amavis-AV-Status =~ m{\bAV:(Email|HTML)\.Phishing\.}i
header L_AV_SS_PhishBar X-Amavis-AV-Status =~ m{\bAV:Sanesecurity_PhishBar_}
header L_AV_SS_Phish    X-Amavis-AV-Status =~ m{\bAV:Sanesecurity\.Phishing\.}
header L_AV_SS_Malware  X-Amavis-AV-Status =~ m{\bAV:Sanesecurity\.(Malware|Rogue|Trojan)\.}
header L_AV_SS_Scam     X-Amavis-AV-Status =~ m{\bAV:Sanesecurity\.(Scam[A-Za-z0-9]+)}
header L_AV_SS_Spam     X-Amavis-AV-Status =~ m{\bAV:Sanesecurity\.(Bou|Cred|Dipl|Job|Loan|Porn|Spam\.[A-Za-z0-9]+|Stk|Junk)\.}
header L_AV_SS_Hdr      X-Amavis-AV-Status =~ m{\bAV:Sanesecurity\.Hdr\.}
header L_AV_SS_Img      X-Amavis-AV-Status =~ m{\bAV:Sanesecurity\.(Img|ImgO)\.}
header L_AV_SS_Bounce   X-Amavis-AV-Status =~ m{\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\b}
header __L_AV_SS        X-Amavis-AV-Status =~ m{\bAV:Sanesecurity\.}
meta   L_AV_SS_other    __L_AV_SS && !(L_AV_SS_Phish || L_AV_SS_Scam || L_AV_SS_Spam || L_AV_SS_Malware || L_AV_SS_Hdr || L_AV_SS_Img || L_AV_SS_Bounce)
header L_AV_MSRBL_Img   X-Amavis-AV-Status =~ m{\bAV:MSRBL-Images\b}
header L_AV_MSRBL_Spam  X-Amavis-AV-Status =~ m{\bAV:MSRBL-SPAM\.}
header L_AV_MBL         X-Amavis-AV-Status =~ m{\bAV:MBL_}
header L_AV_SecInf      X-Amavis-AV-Status =~ m{-SecuriteInfo\.com\b}

score  L_AV_Phish       14
score  L_AV_SS_Phish    5
score  L_AV_SS_PhishBar 0.5
score  L_AV_SS_Scam     8
score  L_AV_SS_Spam     8
score  L_AV_SS_Hdr      6
score  L_AV_SS_Img      3.5
score  L_AV_SS_Bounce   0.1
score  L_AV_SS_other    1
score  L_AV_SS_Malware  14
score  L_AV_MBL         14
score  L_AV_MSRBL_Img   3.5
score  L_AV_MSRBL_Spam  6
score  L_AV_SecInf      8

Best Regards,

-- 
SplatNIX IT Services :: Innovation through collaboration

More information about the MailScanner mailing list