Hi Steve,
The site is interesting and will help with general cases but lately the
school is getting phishing specific to the university, which does not
help us. For an example, the latest phishing we got had a Subject: ODU
Network and in the body of the message contained:
The reason for this
Take a look at
http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf
Which I found very useful for exactly this situation.
Phil.
Phil Chambers
Postmaster
University of Exeter
___
Help us build a comprehensive ClamAV guide:
Chambers, Phil wrote:
Take a look at
http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf
I have seen this document but it does not show how to add signatures
to a database OR for clamd to detect the phishing e-mail. I was able
to create the signature (a .hbd file) and clamscan
On Fri, Aug 08, 2008 at 09:44:11AM -0400, Darren G Pifer wrote:
Hi Steve,
The site is interesting and will help with general cases but lately the
school is getting phishing specific to the university, which does not
help us.
Have you considered using a regular-expression based filtering
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Darren G Pifer
Sent: Fri 08 August 2008 15:09
To: ClamAV users ML
Subject: Re: [Clamav-users] Clamav phishing sigs
Chambers, Phil wrote:
Take a look at
http://iserv.rs-hilter.de/doc
Noel Jones wrote:
Darren G Pifer wrote:
Chambers, Phil wrote:
Take a look at
http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf
I have seen this document but it does not show how to add signatures
to a database OR for clamd to detect the phishing e-mail. I was able
to create
Dennis Peterson wrote:
Noel Jones wrote:
Darren G Pifer wrote:
Chambers, Phil wrote:
Take a look at
http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf
I have seen this document but it does not show how to add signatures
to a database OR for clamd to detect the phishing
Steve Basford wrote:
Darren G Pifer wrote:
So, the e-mail team and security staff need to be able to create
signatures so
that clamd can detect this spam, and similar phishing, and need to get
the
database updated in a short time frame. I do not think submitting
these to the
ClamAV
On Fri, 08 Aug 2008 13:26:23 -0500
Noel Jones [EMAIL PROTECTED] wrote:
If the sig works with clamscan, it will also work with clamdscan.
Clamd must be stopped and restarted to recognize new signature
files.
You can use something like:
pidof clamd # Get the pid of clamd