Many thanks Brent!

Regards
nic


----------------------------------------
> Date: Thu, 7 Nov 2013 11:32:07 -0700
> From: [email protected]
> To: [email protected]
> Subject: Re: [qmailtoaster] plague caused by virus
>
> On 11/06/2013 07:56 PM, Nicholas Chua wrote:
>> Hi Brent
>>
>>> You might take a look at the SaneSecurity Foxhole signatures for ClamAV:
>>>
>>> http://sanesecurity.com/foxhole-databases/
>>>
>>>
>>> These are designed to hit on any executable in an archive file.
>>>
>>>
>>> Regards,
>>>
>>>
>>> Brent Gardner
>>>
>> Are you able to teach me how do i use foxhole only?
>>
> Nic-
>
> Install QmailToaster Plus if you don't already have it. Instructions here:
>
> http://qtp.qmailtoaster.com/trac
>
>
> Then, with root privileges, run qtp-install-sanesecurity. More info here:
>
> http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-sanesecurity
>
>
> Then, edit /etc/clamav-unofficial-sigs.conf. There's a section that
> starts like this:
>
> # ========================
> # Sanesecurity Database(s)
> # ========================
>
>
> In this section, there's a statement:
>
> ss_dbs="
> <lots of>
> <signature>
> <db names>
> "
>
>
> If you want to run -only- the foxhole signatures, remove all the other
> signature DB names between the quotes and add the foxhole signature db
> name of your choice on a line by itself between the quotes. There's at
> least three foxhole signature databases so you'll need to choose which
> one's right for you. More info here:
>
> http://sanesecurity.com/foxhole-databases/
>
>
> The SaneSecurity updater script also downloads SecuriteInfo and
> MalwarePatrol databases. If you want to prevent this you'll also need
> to comment out the corresponding sections in clamav-unofficial-sigs.conf.
>
>
> Regards,
>
> Brent Gardner
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>                                         

Reply via email to