[AMaViS-user] freebsd clamav .94 with dLP posted

Tue, 16 Sep 2008 09:00:54 -0700 

clamav .94 (security update/ function update) has been posted to freebsd 
ports servers.

clamav has 'dlp' in it now, and freebsd port has been uploaded
new signature detection enabled (from clamd.log)
note: new clamd.conf settings have to be enabled, is disabled by default.

Note2:  stripped ssn's are the same as stripped fed ex numbers.
also, international numbers, EIN numbers will trigger (some companies 
still email invoices with their EIN number in the email)
most 'fps'' I have found on this and on IDS/IPS signatures of the same 
ilk are foreign phone numbers (non us!)
Maybe in amavisd-2.7? we can separate out DLP type sigs like we did for 
phish.

from clamd.log:
Detection of broken executables enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.
Structured: Minimum Credit Card Number Count set to 1
Structured: Minimum Social Security Number Count set to 1
Self checking every 1800 seconds.
Set stacksize to 1114112
/var/amavis/tmp/amavis-20080916T114646-75495/parts/p001: Structured.SSN 
FOUND

maillog:
grep Structured /var/log/maillog
Sep 16 11:47:55 fl amavis[75495]: (75495-03) Blocked INFECTED 
(Structured.SSN), [217.78.190.225] [217.78.190.225] 
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, quarantine: 
IIRCp7F+rxr4, Message-ID: <[EMAIL PROTECTED]>, 
mail_id: IIRCp7F+rxr4, Hits: -, size: 8749, 301 ms


-- 
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
 > *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * Everything Channel Hot Product of 2008
    * Shaping Information Security Award 2008
    * CRN Magazine Top 40 Emerging Security Vendors

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
AMaViS-user mailing list
[email protected] 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to