Hello All, I've installed on my mail server SaneSecurity and MSRBL signatures and made a little reference for my own use during this installation.
Please comment or suggest fixes of the following:

-------------------------------------------------
Steps to install SaneSecurity and MSRBL signatures in ClamAV on SLES9:

1) cd /data/cronjobs/sanesecurity
   wget http://www200.pair.com/mecham/spam/UpdateSaneSecurity.sh.txt
   mv UpdateSaneSecurity.sh.txt UpdateSaneSecurity.sh
   chmod u+x UpdateSaneSecurity.sh

2) Now change the following values in the script:
   a) PATH=/usr/sbin:/bin:/usr/bin:/usr/local/bin
   b) CLAM_USER="vscan"
   c) CLAM_GROUP="vscan"
   d) Remove -h option from rsync lines (won't work on SuSE with "-h")

3) Make sure "SelfCheck" is enabled in clamd.conf and "NotifyClamd" enabled in freshclam.conf so there is no need to reload clamav database via script.

4) ./UpdateSaneSecurity.sh

[code]
# ls -l /var/lib/clamav
total 4837
drwxr-xr-x  4 vscan vscan     544 Aug  7 09:57 .
drwxr-xr-x 37 root  root     1000 Aug  7 04:18 ..
-rw-r--r--  1 vscan vscan  146779 Aug  7 09:25 MSRBL-Images.hdb
-rw-r--r--  1 vscan vscan  146779 Aug  7 09:47 MSRBL-Images.hdb-bak
-rw-r--r--  1 vscan vscan  229231 Jul 31 12:15 MSRBL-SPAM.ndb
-rw-r--r--  1 vscan vscan  229231 Aug  7 09:47 MSRBL-SPAM.ndb-bak
-rw-r--r--  1 vscan vscan 1523952 Oct 24  2006 clamav-1e59655201a82c81
-rw-r--r--  1 vscan vscan  601680 Oct 24  2006 clamav-921896b001a72674
srwxrwxrwx  1 vscan vscan       0 Aug  7 09:02 clamd-socket
-rw-rw----  1 vscan vscan       4 Aug  7 09:02 clamd.pid
drwxr-xr-x  2 vscan vscan     376 Aug  7 09:57 daily.inc
-rw-rw----  1 vscan vscan       5 Jul 25 14:57 freshclam.pid
drwxr-xr-x  2 vscan vscan     248 Aug  7 09:57 main.inc
-rw-r--r--  1 vscan vscan 1112788 Aug  7 09:47 phish.ndb
-rw-r--r--  1 vscan vscan  186565 Aug  6 13:56 phish.ndb.gz
-rw-r--r--  1 vscan vscan  624830 Aug  7 09:47 scam.ndb
-rw-r--r--  1 vscan vscan  125016 Aug  6 13:57 scam.ndb.gz
[/code]

5) Now we add a crontab entry with download attempts performed every 4th hour:

   crontab -e

   Insert this entry. Replace MM (minutes) below with a number between 1 and 59:

   MM */4 * * * /data/cronjobs/sanesecurity/UpdateSaneSecurity.sh

   Save and exit the file.
   The above cron job should run every four hours. Logs of the last download are located in /var/tmp/clamdb/

6) Add rules to a SpamAssassin config file (e.g. local.cf), as suggested in release notes:

----------------------------------------------------------------------------------------
header L_AV_Phish      X-Amavis-AV-Status =~ m{\b(Email|HTML)\.Phishing\.}i
header L_AV_SS_Phish   X-Amavis-AV-Status =~ m{\b(Email|Html)\.Phishing(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_Scam    X-Amavis-AV-Status =~ m{\b(Email|Html)\.(Scam[A-Za-z0-9]?)(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_Spam    X-Amavis-AV-Status =~ m{\b(Email|Html)\.(Spam|Bou|Stk|Loan|Cred|Job|Dipl|Doc)(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_Hdr     X-Amavis-AV-Status =~ m{\b(Email|Html)\.Hdr(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_Img     X-Amavis-AV-Status =~ m{\b(Email|Html)\.(Img|ImgO)(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_MSRBL_Img  X-Amavis-AV-Status =~ m{\bMSRBL-Images/}
header L_AV_MSRBL_Spam X-Amavis-AV-Status =~ m{\bMSRBL-SPAM\.}

score L_AV_Phish      14
score L_AV_SS_Phish   -3
score L_AV_SS_Scam    8
score L_AV_SS_Spam    8
score L_AV_SS_Hdr     6
score L_AV_SS_Img     3.5
score L_AV_MSRBL_Img  3.5
score L_AV_MSRBL_Spam 6

7) /etc/init.d/amavis restart

References:
-----------
http://www200.pair.com/mecham/spam/spamfilter20061118.html
http://www.ijs.si/software/amavisd/release-notes.txt
http://www.sanesecurity.co.uk/clamav/usage.htm
http://www.msrbl.com/site/msrblspamdownload
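
The SpamAssassin rules from step 6, exercised offline as an added example (not part of the original post or of the amavisd release notes): it applies the same patterns and scores to a few header values and reports which rules fire and the summed score. The signature names below are constructed samples, and the script assumes Python's `re` treats these patterns the same way Perl does, which holds for the constructs used here.

```python
import re

# Patterns and scores copied from step 6; each is a header test on X-Amavis-AV-Status.
# Only L_AV_Phish carries the /i flag in the original rules.
RULES = {
    "L_AV_Phish":      (r"\b(Email|HTML)\.Phishing\.", re.I, 14),
    "L_AV_SS_Phish":   (r"\b(Email|Html)\.Phishing(\.[^., ]*)*\.Sanesecurity\.", 0, -3),
    "L_AV_SS_Scam":    (r"\b(Email|Html)\.(Scam[A-Za-z0-9]?)(\.[^., ]*)*\.Sanesecurity\.", 0, 8),
    "L_AV_SS_Spam":    (r"\b(Email|Html)\.(Spam|Bou|Stk|Loan|Cred|Job|Dipl|Doc)"
                        r"(\.[^., ]*)*\.Sanesecurity\.", 0, 8),
    "L_AV_SS_Hdr":     (r"\b(Email|Html)\.Hdr(\.[^., ]*)*\.Sanesecurity\.", 0, 6),
    "L_AV_SS_Img":     (r"\b(Email|Html)\.(Img|ImgO)(\.[^., ]*)*\.Sanesecurity\.", 0, 3.5),
    "L_AV_MSRBL_Img":  (r"\bMSRBL-Images/", 0, 3.5),
    "L_AV_MSRBL_Spam": (r"\bMSRBL-SPAM\.", 0, 6),
}


def evaluate(av_status):
    """Return (sorted names of rules that hit, summed score) for one header value."""
    hits = [name for name, (pattern, flags, _score) in RULES.items()
            if re.search(pattern, av_status, flags)]
    return sorted(hits), sum(RULES[name][2] for name in hits)


# Constructed header values (not real signature names from any database).
SAMPLES = [
    "Email.Phishing.Bank.Sanesecurity.07080701",  # generic rule and -3 offset both hit
    "HTML.Phishing.Bank-1",                       # generic phishing rule only
    "Html.Scam4.Lotto.Sanesecurity.07080702",
    "Email.Spam.Gen.Sanesecurity.07080703",
    "MSRBL-Images/0-constructed",
    "MSRBL-SPAM.Constructed.1",
    "email.spam.gen.sanesecurity.1",              # wrong case: no rule fires
]

if __name__ == "__main__":
    for value in SAMPLES:
        hits, score = evaluate(value)
        print(f"{score:>5}  {value}  {', '.join(hits) or '(no rule hit)'}")
```

A Sanesecurity phishing name nets 11 points because L_AV_Phish (14) and L_AV_SS_Phish (-3) both match it, while an all-lowercase name scores nothing since only L_AV_Phish is case-insensitive.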
