Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Darren G Pifer
Hi Steve, The site is interesting and will help with general cases but lately the school is getting phishing specific to the university, which does not help us. For example, the latest phishing we got had a Subject: ODU Network and in the body of the message contained: The reason for this

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Chambers, Phil
Take a look at http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf Which I found very useful for exactly this situation. Phil. Phil Chambers Postmaster University of Exeter

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Darren G Pifer
Chambers, Phil wrote: Take a look at http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf I have seen this document but it does not show how to add signatures to a database OR for clamd to detect the phishing e-mail. I was able to create the signature (a .hbd file) and clamscan

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Jan Pieter Cornet
On Fri, Aug 08, 2008 at 09:44:11AM -0400, Darren G Pifer wrote: Hi Steve, The site is interesting and will help with general cases but lately the school is getting phishing specific to the university, which does not help us. Have you considered using a regular-expression based filtering

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Chambers, Phil
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren G Pifer Sent: Fri 08 August 2008 15:09 To: ClamAV users ML Subject: Re: [Clamav-users] Clamav phishing sigs Chambers, Phil wrote: Take a look at http://iserv.rs-hilter.de/doc

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Dennis Peterson
Noel Jones wrote: Darren G Pifer wrote: Chambers, Phil wrote: Take a look at http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf I have seen this document but it does not show how to add signatures to a database OR for clamd to detect the phishing e-mail. I was able to create

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Noel Jones
Dennis Peterson wrote: Noel Jones wrote: Darren G Pifer wrote: Chambers, Phil wrote: Take a look at http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf I have seen this document but it does not show how to add signatures to a database OR for clamd to detect the phishing

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Darren G Pifer
Steve Basford wrote: Darren G Pifer wrote: So, the e-mail team and security staff need to be able to create signatures so that clamd can detect this spam, and similar phishing, and need to get the database updated in a short time frame. I do not think submitting these to the ClamAV

Re: [Clamav-users] Clamav phishing sigs

2008-08-08 Thread Gerard
On Fri, 08 Aug 2008 13:26:23 -0500 Noel Jones [EMAIL PROTECTED] wrote: If the sig works with clamscan, it will also work with clamdscan. Clamd must be stopped and restarted to recognize new signature files. You can use something like: pidof clamd # Get the pid of clamd