Hope I haven't missed this one being discussed... but ...
APER is a project hosted at Google Code (Anti-Phishing Email Reply)
that tracks From, Reply-to, and Body URLs that match known phishing
attacks. There are a few examples for how to use it ... but I was
wondering:
Has anyone turned this into a regularly updated set of ClamAV signatures?
Hi,
Firstly, spear.ndb is generated from the APER feed and has been for a while now:
http://sanesecurity.co.uk/databases.htm
Secondly, I've two more databases
At 7:02 AM -0700 10/22/09, John Rudd wrote:
Hope I haven't missed this one being discussed... but ...
APER is a project hosted at Google Code (Anti-Phishing Email Reply)
that tracks From, Reply-to, and Body URLs that match known phishing
attacks. There are a few examples for how to use it ...
-boun...@lists.clamav.net
[mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of John Rudd
Sent: 22 October 2009 15:03
To: ClamAV users ML
Subject: [Clamav-users] APER
Hope I haven't missed this one being discussed... but ...
APER is a project hosted at Google Code (Anti-Phishing Email Reply
Check out Julian Field's ScamNailer:
http://www.scamnailer.info/
18/10/2009 - New scamnailer.ndb ClamAV signature database is now
available from http://www.mailscanner.eu/scamnailer.ndb. This is updated
very frequently. Do not download it more than once per hour!
Cheers,
Phil
While I have a
I have to ask however. You mentioned it contains phish urls as well.
I have not been able to find that. However, we track phish
urls/domains in winnow_phish_complete.ndb
Tom
When you download their distribution, you get 4 files:
phishing_cleared_addresses
phishing_from_addresses
phishing_links
Firstly, spear.ndb is generated from the APER feed and has been for a while now:
http://sanesecurity.co.uk/databases.htm
I didn't realize spear.ndb includes APER. That's great news (as we
already use spear.ndb) ... looks like implementing APER is pretty
straightforward (and low effort) for me :-)
Check out Julian Field's ScamNailer:
http://www.scamnailer.info/
18/10/2009 - New scamnailer.ndb ClamAV signature database is now
available from http://www.mailscanner.eu/scamnailer.ndb. This is updated
very frequently. Do not download it more than once per hour!
Ok, that's the database