[sanesecurity] Re: SaneSecurity Signatures

  • From: Sujit Acharyya-choudhury <s.choudhury@xxxxxxxxx>
  • To: "sanesecurity@xxxxxxxxxxxxx" <sanesecurity@xxxxxxxxxxxxx>
  • Date: Tue, 31 May 2016 18:05:02 +0000

Thanks Steve.   I shall try to do something like that.  In the meantime, 
SaneSecurity has rejected many more "really" rubbish mail.  Many thanks for 
the signatures.

Sujit

-----Original Message-----
From: sanesecurity-bounce@xxxxxxxxxxxxx 
[mailto:sanesecurity-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Basford
Sent: 31 May 2016 18:59
To: sanesecurity@xxxxxxxxxxxxx
Subject: [sanesecurity] Re: SaneSecurity Signatures


On Tue, May 31, 2016 4:41 pm, Sujit Acharyya-choudhury wrote:

Hi Steve,
Thanks for your e-mail.  However, I am using clamd to check for viruses
and adding the "LOW" SaneSecurity signatures to improve ClamAV, which
is not very useful without SaneSecurity.  What you are suggesting I
think is ideal for amavisd-new.  However, in our Exim config, we have
the following line:
av_scanner = clamd:193.61.xx.yy 3310

and the machine 193.61.xx.yy is used solely for ClamAV and now for
ClamAV

How about this...

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html

" New malware type "sock".  Talks over a Unix or TCP socket, sending one
    command line and matching a regex against the return data for trigger
    and a second regex to extract malware_name.  The mail spoolfile name can
    be included in the command line."


Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
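
Added example, not part of the original messages and not Exim's code: a Python simulation of the exchange the quoted "sock" description outlines (one command line sent over a socket, a trigger regex and a name-extracting regex applied to the reply). The toy daemon, its `SCAN` command, reply format, spool paths and signature name are constructed assumptions.

```python
import re
import socket
import threading

def toy_scanner(server_sock, verdicts):
    """Hypothetical scanner daemon: reads one command line, answers one line."""
    conn, _ = server_sock.accept()
    with conn, conn.makefile("r") as f:
        line = f.readline().strip()              # e.g. "SCAN /spool/msg-bad"
        path = line.split(" ", 1)[1] if " " in line else ""
        name = verdicts.get(path)
        reply = f"{path}: {name} FOUND\n" if name else f"{path}: OK\n"
        conn.sendall(reply.encode())

def sock_scan(addr, command, spoolfile, trigger_re, name_re, timeout=5.0):
    """Send one command line, then apply the two regexes to the reply.
    Returns the malware name, or None when the trigger regex does not match."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall((command % spoolfile).encode() + b"\n")
        s.shutdown(socket.SHUT_WR)               # one command only, then read
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    reply = data.decode(errors="replace")
    if not re.search(trigger_re, reply):         # first regex: is it malware?
        return None
    m = re.search(name_re, reply)                # second regex: which one?
    return m.group(1) if m and m.groups() else "unknown"

def demo(spoolfile):
    # Constructed verdict table and signature name, for illustration only.
    verdicts = {"/spool/msg-bad": "Sanesecurity.Constructed.Sample"}
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                   # loopback, ephemeral port
    srv.listen(1)
    t = threading.Thread(target=toy_scanner, args=(srv, verdicts), daemon=True)
    t.start()
    try:
        return sock_scan(srv.getsockname(), "SCAN %s", spoolfile,
                         r"FOUND$", r": (\S+) FOUND")
    finally:
        t.join(timeout=5)
        srv.close()

if __name__ == "__main__":
    for path in ("/spool/msg-bad", "/spool/msg-ok"):
        print(path, "->", demo(path))
```
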

