[Help] scamnailer with Clamav FP
mark at msapiro.net
Sat Jul 9 02:26:54 UTC 2016
On 7/8/16 12:00 AM, Sistemisti Posta wrote:
> I use scamnailer.ndb with Clamav:
> During the last days I have experienced many false positives with
> @beniculturali.it domain.
> I checked with beniculturali.it's admins, and it doesn't seem that they
> are currently victims of phishing or email spoofing.
> Could you try to remove the beniculturali.it addresses from the list?
The short answer is No.
There are two ways to use ScamNailer. One is with a set of SpamAssassin
rules (ScamNailer.cf) and the other is with ClamAV signatures
(scamnailer.ndb). These two ways have different implications in
MailScanner because one is a SpamAssassin score, and the other is an
'unofficial' virus detection.
Originally, the data for these came from some proprietary source and was
maintained by Jules and there are scripts at
<http://www.scamnailer.info/downloads.html> to produce ScamNailer.cf
<http://www.scamnailer.info/files/contrib/ClamNailer-1.01.gz> from Jules'
data. The latter script doesn't produce scamnailer.ndb; it just
There is also a 'still updated by some process unknown to me'
scamnailer.ndb at <http://www.mailscanner.eu/scamnailer.ndb> and also
distributed by sanesecurity.com.
Over the years, the source of the data for the
<http://www.scamnailer.info/files/2/ScamNailer-2.09.gz> script has
proven unreliable so I refactored that script to use the data from
<http://svn.code.sf.net/p/aper/code/phishing_reply_addresses>. That also
contains @beniculturali.it addresses. See
<https://sourceforge.net/projects/aper/> for ways to contact that project.
The current version of that script is distributed with MailScanner and
The data at
<http://svn.code.sf.net/p/aper/code/phishing_reply_addresses> may also
be the source of the scamnailer.ndb files, but this is unknown to me.
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
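
Where the upstream list keeps the addresses, a ClamAV site can suppress individual signatures locally by listing their names in a `.ign2` file in the database directory. The following is an added example, not part of the original post or of the ScamNailer scripts: it finds the signature names in an `.ndb` file whose literal bytes contain an address at a given domain. The sample database, signature names and function names are constructed for illustration.

```python
import re

def _hex(s):
    return s.encode().hex()

# Constructed sample in ClamAV .ndb layout (Name:TargetType:Offset:HexSignature).
# Signature names and addresses are hypothetical, not taken from scamnailer.ndb.
SAMPLE_NDB = "\n".join([
    "Example.Scam.0001:4:*:" + _hex("alice@beniculturali.it"),
    "Example.Scam.0002:4:*:" + _hex("bob@example.org"),
    "Example.Scam.0003:4:*:" + _hex("From: ") + "{1-20}" + _hex("@BeniCulturali.IT"),
    "Example.Scam.0004:4:*:" + _hex("carol@beniculturali.it.example.net"),
])

def literal_runs(hexsig):
    """Decode the fixed byte runs of a hex signature, skipping wildcards."""
    sig = re.sub(r"\{[^}]*\}|\[[^\]]*\]", "*", hexsig)  # {n-m} / [n-m] gaps
    runs, cur, i = [], bytearray(), 0
    while i < len(sig):
        pair = sig[i:i + 2]
        if re.fullmatch(r"[0-9a-fA-F]{2}", pair):
            cur.append(int(pair, 16))
            i += 2
            continue
        if cur:                       # a wildcard or operator ends the run
            runs.append(bytes(cur))
            cur = bytearray()
        i += 1 if sig[i] in "*()|!" else 2  # one-char operator vs ??, a?, ?a
    if cur:
        runs.append(bytes(cur))
    return runs

def signatures_for_domain(ndb_text, domain):
    """Names of signatures whose literal bytes hold an address at `domain`."""
    # The lookahead rejects longer host names that merely start with `domain`.
    pat = re.compile(rb"@" + re.escape(domain.lower().encode()) + rb"(?![\w.-])")
    hits = []
    for line in ndb_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue
        if any(pat.search(run.lower()) for run in literal_runs(fields[3])):
            hits.append(fields[0])
    return hits

def ign2_body(names):
    """One signature name per line, as a .ign2 file expects."""
    return "".join(n + "\n" for n in names)

if __name__ == "__main__":
    print(ign2_body(signatures_for_domain(SAMPLE_NDB, "beniculturali.it")), end="")
```
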