[sanesecurity] Re: Signature news

  • From: Chris <cpollock@xxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 29 Oct 2009 21:35:38 -0500

On Fri, 2009-10-23 at 10:19 +0100, Steve Basford wrote:
> Hi All,
> 
> I'm pleased to announce two new signature databases:
> 
> New Database 1:
> 
> Database name: spearl.ndb
> 
> Description: phishing_links is a list of generic forms used for e-mail
> account phishing
> 
> Provider: APER
> Risk of FP's: low
> Website: http://code DOT google DOT com/p/anti-phishing-email-reply/
> 
> New Database 2:
> 
> Database name: scamnailer.ndb
> 
> Note: this database may use more CPU resources, due to extensive use of
> conditional signatures
> 
> Description:  This uses far more than just the well-known list of phishing
> email addresses published on SourceForge. It also uses a very large list
> of addresses, which have been discovered and manually checked by a large
> and very well known corporation on the web, which you will definitely have
> heard of
> 
> Provider: Julian Field/Tony Finch
> Risk of FP's: medium
> Website: www DOT scamnailer DOT info
> 

Steve, I noticed in trying to d/l the spearl.ndb file that my log is
showing:

File removed: /usr/unofficial-dbs/add-dbs/http://code.google.com/p/anti-phishing-email-reply/
Oct 29 20:40:54 INFO - File removed: /var/lib/clamav/http://code.google.com/p/anti-phishing-email-reply/
Oct 29 20:40:54 INFO - File removed: /var/lib/clamav/http://code.google.com/p/anti-phishing-email-reply/-bak

Going to the site I see:

NOTICE Due to a failure with Google Code's Subversion service, we are in
the process of transitioning this project to SourceForge. 

Also, I've added this to my /etc/clamav-unofficial-sigs.conf file but
I'm not getting the scamnailer.ndb for some reason:

add_dbs="
http://code.google.com/p/anti-phishing-email-reply/spearl.ndb
http://www.mailscanner.eu/scamnailer.ndb
"

Possibly I'm doing something wrong there?

-- 
KeyID 0xE372A7DA98E6705C
