Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Darren G Pifer
Steve Basford wrote:
> Darren G Pifer wrote:
>
>> So, the e-mail team and security staff need to be able to create
>> signatures so that clamd can detect this spam, and similar phishing,
>> and need to get the database updated in a short time frame.  I do not
>> think submitting these to the ClamAV database maintainers or other
>> signature maintainers to update the databases and get the databases
>> downloaded is going to suffice.
>>
> Totally understand. I have been adding some of these seemingly
> "targeted" ones into the database, as most of the time,
> the body of the email is the same... all they do is change the name of
> the university... for example, does this one look
> like the same thing you've been seeing:
>
> http://gwblogspot.blogspot.com/2008/07/email-scam.html
> http://technews.ucdavis.edu/news2.cfm?id=1666
>
> The offer is there... if you have any samples you want me to add, to
> benefit other uni's too... just send them to: [EMAIL PROTECTED]
>
Looks the same to me, except for the name of the uni.  I will do as you
suggest, that is, send ODU specific e-mail to the above address.

I will also take a look at the link sent earlier to see if we can make 
our own signatures.

Darren
ODU
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
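An added example, not part of any post in this thread: it builds a hash signature line (the `MD5:Size:Name` layout that `sigtool --md5` emits) and a body signature line (`Name:TargetType:Offset:HexSignature`) for the phishing text quoted later in the thread, then shows why only the body signature still hits when the university name changes. The signature name, the second sample and the two matcher functions are assumptions made for illustration; the matchers are a simplified model, not ClamAV's engine.

```python
import hashlib

# Constructed samples modelled on the message quoted in the thread; only the
# institution name differs between the two variants.
BODY = ("The reason for this message is because of the Email Scams & Phishing "
        "going on the {uni} Network. We have decided to contact all our students "
        "and staffs to provide their password so that we can confirm the active users.")
ODU = BODY.format(uni="ODU").encode()
OTHER = BODY.format(uni="EXAMPLE-U").encode()

# Hypothetical signature name; the phrase comes from the part that stays constant.
NAME = "Local.Phish.PasswordRequest"
PHRASE = "provide their password so that we can confirm"


def hdb_line(data: bytes, name: str) -> str:
    """Hash signature for a .hdb file: MD5:Size:Name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def ndb_line(phrase: str, name: str, target: int = 4) -> str:
    """Body signature for a .ndb file; target 4 = mail, offset * = anywhere."""
    return f"{name}:{target}:*:{phrase.encode('ascii').hex()}"


def hdb_hits(line: str, data: bytes) -> bool:
    """A hash signature matches only byte-identical content of the same size."""
    md5, size, _ = line.split(":")
    return int(size) == len(data) and hashlib.md5(data).hexdigest() == md5


def ndb_hits(line: str, data: bytes) -> bool:
    """Simplified model: plain hex, no wildcards, offset '*' only."""
    _, _, offset, hexsig = line.split(":")
    return offset == "*" and bytes.fromhex(hexsig) in data


def coverage() -> dict:
    """(hit on ODU sample, hit on renamed sample) for each signature type."""
    h, n = hdb_line(ODU, NAME), ndb_line(PHRASE, NAME)
    return {"hdb": (hdb_hits(h, ODU), hdb_hits(h, OTHER)),
            "ndb": (ndb_hits(n, ODU), ndb_hits(n, OTHER))}


if __name__ == "__main__":
    print(hdb_line(ODU, NAME))     # one line for a local .hdb file
    print(ndb_line(PHRASE, NAME))  # one line for a local .ndb file
    print(coverage())
```

Keep the phrase short enough to sit on a single line of the message, because a byte-exact match will not span a line break inserted by the sending client.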


Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Darren G Pifer
Chambers, Phil wrote:
> Take a look at
>
>   http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf
>   
I have seen this document but it does not show how to add signatures
to a database OR for clamd to detect the phishing e-mail.  I was able
to create the signature (a .hdb file) and clamscan detects the phishing
but clamd does not.  Maybe I am missing something.

Darren
ODU

> Which I found very useful for exactly this situation.
>
> Phil.
> 
> Phil Chambers
> Postmaster
> University of Exeter


Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Darren G Pifer
Hi Steve,

The site is interesting and will help with general cases but lately the
school is getting phishing specific to the university, which does not
help us.  For an example, the latest phishing we got had a Subject: ODU
Network and in the body of the message contained:

The reason for this message is because of the Email Scams & Phishing
going on the ODU Network. We have decided to contact all our students and
staffs to provide their password so that we can confirm the active
users and to de-activate the inactive user. We regret the inconveniences 
this might have cost you.

Please provide us with the below details.

Username:
Password:

So, the e-mail team and security staff need to be able to create
signatures so that clamd can detect this spam, and similar phishing,
and need to get the database updated in a short time frame.  I do not
think submitting these to the ClamAV database maintainers or other
signature maintainers to update the databases and get the databases
downloaded is going to suffice.

Regards, Darren

Steve Basford wrote:
> Hi Darren,
>
> You could try and use my add-on clamav sigs here:
>
> http://www.sanesecurity.co.uk/clamav/usage.htm
> http://www.sanesecurity.co.uk/clamav/downloads.htm
>
> If you find the samples you have still are being missed:
>
> http://www.sanesecurity.co.uk/clamav/feedback.htm
>
> I'll see if I can create a signature for you, which may also help others.
>
> Also, extra docs (a little outdated here):
>
> http://www.sanesecurity.co.uk/clamav/docs.htm
>
> Cheers,
>
> Steve
> Sanesecurity


[Clamav-users] Is it possible to add signatures to the ClamAV database?

2008-08-07 Thread Darren G Pifer
Hello,

Just to let everyone know, I have been searching for the answer to this 
question by using Google and searching on the ClamAV web site but still 
have not found an answer.  I have viewed the information at:

www.clamav.net/doc/latest/signatures.pdf

but it still does not show me how to add signatures to the database.  
The reason I need to create our own signatures, is that the university 
is getting more phishing specific to the university - Old Dominion 
University.  So, it would not make sense to file these with the CVD 
database maintainers as it would do no good for anyone else.  So, I have 
been looking for a way to add signatures to the daily.cvd file.  I am 
able to create the signature with sigtool and clamscan detects that I
added it but the clamd daemon does not detect it.  One document suggests 
placing the .hdb (signature) file in the ClamAV directory and restarting 
clamd, and then clamd will read this file.  This does not work.

Anyhow, if anybody has done this, please let me know.

Regards, Darren
Old Dominion University
Norfolk, VA