At 7:02 AM -0700 10/22/09, John Rudd wrote:
Hope I haven't missed this one being discussed... but ...
APER is a project hosted at Google Code (Anti-Phishing Email Reply)
that tracks From, Reply-to, and Body URLs that match known phishing
attacks. There are a few examples for how to use it ... but I was
wondering:
Has anyone turned this into a regularly updated set of ClamAV signatures?
I've been tasked with implementing it, and I'd love to be able to just
plug it into my existing regiment of ClamAV signatures (I currently
use MBL, MSRBL, and some (but not all) of the signatures hosted at
Sane Security).
John
Steve (sane security) was in the process of implementing at least a subset.
I have to ask however. You mentioned it contains phish urls as well.
I have not been able to find that. However, we track phish
urls/domains in winnow_phish_complete.ndb
Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
