Many thanks Brent! Regards nic
---------------------------------------- > Date: Thu, 7 Nov 2013 11:32:07 -0700 > From: [email protected] > To: [email protected] > Subject: Re: [qmailtoaster] plague caused by virus > > On 11/06/2013 07:56 PM, Nicholas Chua wrote: >> Hi Brent >> >>> You might take a look at the SaneSecurity Foxhole signatures for ClamAV: >>> >>> http://sanesecurity.com/foxhole-databases/ >>> >>> >>> These are designed to hit on any executable in an archive file. >>> >>> >>> Regards, >>> >>> >>> Brent Gardner >>> >> Are you able to teach me how do i use foxhole only? >> > Nic- > > Install QmailToaster Plus if you don't already have it. Instructions here: > > http://qtp.qmailtoaster.com/trac > > > Then, with root privileges, run qtp-install-sanesecurity. More info here: > > http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-sanesecurity > > > Then, edit /etc/clamav-unofficial-sigs.conf. There's a section that > starts like this: > > # ======================== > # Sanesecurity Database(s) > # ======================== > > > In this section, there's a statement: > > ss_dbs=" > <lots of> > <signature> > <db names> > " > > > If you want to run -only- the foxhole signatures, remove all the other > signature DB names between the quotes and add the foxhole signature db > name of your choice on a line by itself between the quotes. There's at > least three foxhole signature databases so you'll need to choose which > one's right for you. More info here: > > http://sanesecurity.com/foxhole-databases/ > > > The SaneSecurity updater script also downloads SecuriteInfo and > MalwarePatrol databases. If you want to prevent this you'll also need > to comment out the corresponding sections in clamav-unofficial-sigs.conf. > > > Regards, > > Brent Gardner > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
