Well that is certainly simple, and seems to just work.  Thanks for the info!

________________________________________
From: clamav-users [[email protected]] on behalf of TR Shaw [[email protected]]
Sent: Monday, March 30, 2015 3:42 PM
To: ClamAV users ML
Subject: Re: [clamav-users] Blocking malicious URLs in a local database

your.local.ndb file:
        "signame.1:4:*:" . bin2hex("http://bad.domain.com/path") . "\n";
        "signame.2:5:*:" . bin2hex("http://bad.domain.com/path") . "\n";

On Mar 30, 2015, at 2:34 PM, Dave McMurtrie <[email protected]> wrote:

> Hi,
>
> Hopefully someone here can steer me in the right direction.  I'm looking for 
> a simple way to be able to create a local signature such that when we become 
> aware of a phishing message targeting our users that contains a malicious 
> URL, I can quickly respond by configuring ClamAV to identify them so we can 
> block them.
>
> After reading the phishsigs_howto, it looks like adding entries to a 
> local.gdb file would accomplish what I want, but thus far that isn't working 
> for me.  I'm fairly certain that I have the format correct because clamdscan 
> is properly detecting messages with URLs that I put in my local.gdb file.  
> However, clamd is not detecting the URLs when our milter code connects to the 
> clamd socket.  The difference seems to be whether it's in the context of 
> scanning a file or a mail message, since debug output shows me that it's 
> taking a different code path.  I posted to the list earlier with more 
> specific questions about this, but never did track it down.
>
> My questions:
>
> 1) Is the local.gdb file even intended for this purpose?
>
> 2) Is there a better way to accomplish this?
>
> Thanks!
>
> Dave
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
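
The signature format from the reply above, generated from a list of URLs, as an added example that is not part of the original thread. The `Local.Phish` name prefix and the function names are assumptions; target type 4 and the `*` offset are taken from the reply.

```python
"""Build ClamAV .ndb body signatures for known-bad URLs (added example)."""
import re

# The name is the first ':'-separated field, so restrict it to a safe charset.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def ndb_line(name, url, target_type=4, offset="*"):
    """Return one line: MalwareName:TargetType:Offset:HexSignature."""
    if not NAME_RE.match(name):
        raise ValueError(f"bad signature name: {name!r}")
    url = url.strip()
    if not url:
        raise ValueError("empty URL")
    # Hex-encode the raw bytes, the same thing bin2hex() does in the reply.
    return f"{name}:{target_type}:{offset}:{url.encode('utf-8').hex()}"


def build_ndb(urls, prefix="Local.Phish", target_types=(4,)):
    """One signature per URL per target type; blanks and duplicates are skipped."""
    lines, seen = [], set()
    for url in urls:
        url = url.strip()
        if not url or url in seen:
            continue
        seen.add(url)
        for t in target_types:
            lines.append(ndb_line(f"{prefix}.{len(seen)}.T{t}", url, t))
    return "\n".join(lines) + "\n"


def decode_ndb_line(line):
    """Parse a plain-hex line (no wildcards) back to its URL for review."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return name, int(target), offset, bytes.fromhex(hexsig).decode("utf-8")


if __name__ == "__main__":
    # Constructed sample input; the URL is the placeholder used in the thread.
    sample = ["http://bad.domain.com/path", "http://bad.domain.com/path ", ""]
    print(build_ndb(sample), end="")
```

Checking the output with `clamscan -d local.ndb message.eml` (both file names hypothetical) against a saved copy of the phishing message confirms a hit before the file goes into the clamd database directory.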
