Michael Scheidell wrote: > Clamav .95 (available in Freebsd Ports), and appears to be upward > compatible with amavisd-new... > > Has added a new set of signatures, based on Google's 'safebrowsing' feature. > > (on google, you go where you arn't supposed to go via a google lookup, > and they warn you) > > This same set of url's is available from clamav if you enable them. > > http://www.clamav.net/support/faq-safebrowsing > > so, I think. adding this to amavisd.conf will use score any email that > has one of these url's in it +10 points, right? > > go from: > > @virus_name_to_spam_score_maps = > (new_RE( [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 10 ], > [ qr'^(Email|Html)\.Malware\.Sanesecurity\.' => 10 ], > [ qr'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.' => 10 ], > # [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc) > # (\.[^., ]*)* \.Sanesecurity\.'x => 0.1 ], > [ qr'^Safebrowsing\.' => 10 ], > [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 6 ], > )); > > > to: > @virus_name_to_spam_score_maps = > (new_RE( [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 10 ], > [ qr'^(Email|Html)\.Malware\.Sanesecurity\.' => 10 ], > [ qr'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.' => 10 ], > # [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc) > # (\.[^., ]*)* \.Sanesecurity\.'x => 0.1 ], > [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)' => 6 ], > )); > > > who is using it this way, or are you using > X-Amavis-AV-Status and *.cf rules to score them? > > debugging: log_level needs to be 2 to find these, right? > > > The log can now show entries like: > > amavis[26733]: (26733-03-2) Turning AV infection into a spam report: > score=0.1, AV:HTML.Phishing.Auction-289=0.1 > > > and, if using the *.cf rules, I suppose something like: > > header L_AV_SAFEB_Spam X-Amavis-AV-Status = > ~m{\b(Email|Html)\.Safebrowsing(\.[^., ]*)\.}m > score LV_AV_SAFEB 5 > > > >
Me too... Recently some new signatures were added (winnow). I'd love to see custom SA rules as well based on this: http://www200.pair.com/mecham/spam/amavis-sanesecurity_v2.cf TIA... ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
