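# > Good morning list.
# >
# > Can anyone advise as to where one may get the latest
# > virus_name_to_spam_score_maps ?
#
# Hi Tom,
#
# Here's a couple of sample ones...
#
# Reading these maps (amavisd.conf syntax):
#   * Entries are tried top to bottom and the first matching pattern decides,
#     so a specific pattern must sit above any broader one sharing its prefix.
#   * A numeric value turns the scanner hit into a spam-score contribution
#     instead of an infection verdict; undef leaves the hit as infected.
#   * A name that matches no entry is likewise left as infected.
#   * The two samples are alternatives. Each is a plain assignment, so if both
#     are pasted into one config the second silently replaces the first.
#   * Pick scores against your own tag/kill thresholds: a low value such as
#     0.1 means the signature hit on its own will not stop delivery.

# --- Sample 1: third-party signature hits weighted as strong spam evidence ---
@virus_name_to_spam_score_maps = (new_RE(   # the order matters!
    [ qr'^Phishing\.'                                                   => 6.1 ],
    # Dot after "Email" escaped so only the literal signature prefix matches.
    [ qr'^Email\.Spam\d{1,4}-SecuriteInfo'                              => 4.1 ],
    [ qr'^(?:Email|HTML|Sanesecurity)\.(?:Phishing|SpearL?)\.'i         => 6.1 ],
    [ qr'^(?:Email|HTML|Sanesecurity)\.(?:Spam|Scam)[a-z0-9]?\.'i       => 4.6 ],
    # Malware-class Sanesecurity names stay infected; listed before the
    # category entries below so they can never be downgraded to a score.
    [ qr'^Sanesecurity\.(?:Malware|Trojan)\.'                           => undef ],
    [ qr'^Sanesecurity\.(?:Test|Rogue)'                                 => undef ],
    [ qr'^Sanesecurity\.(?:Hdr|Img|ImgO|Junk|Doc|Casino)\.'x            => 6.1 ],
    [ qr'^Sanesecurity\.(?:Lott|Fake|SpamImg|Job|Stk)\.'x               => 6.1 ],
    [ qr'^Sanesecurity\.(?:Loan|Porn|Bou|Dipl|Cred)\.'x                 => 6.1 ],
    [ qr'^Sanesecurity\.Jurlbl\.Auto\.'x                                => 1.6 ],
    [ qr'^Sanesecurity\.Jurlbl\.'x                                      => 2.6 ],
    [ qr'^Sanesecurity\.SpamAttach_'x                                   => 4.1 ],
    [ qr'^ScamNailer\.Phish\.'x                                         => 2.6 ],
    [ qr'^Doppelstern\.Attachment\.'x                                   => 4.1 ],
    [ qr'^Doppelstern\.(?:Job|Junk|Loan|Lott|Phishing|Scam4)\.'x        => 2.6 ],
    [ qr'^winnow\.(?:botnets?|phish|complex|mailer)\.'x                 => 6.1 ],
    [ qr'^winnow\.image\.'x                                             => 4.1 ],
    [ qr'^winnow\.spam(?:domain)?\.'x                                   => 2.6 ],
    # Must precede the winnow catch-all, otherwise these would score 2.6.
    [ qr'^winnow\.(?:malware|trojan|compromised)\.'x                    => undef ],
    [ qr'^winnow\.'x                                                    => 2.6 ],
    [ qr'^INetMsg\.SpamDomain-2w\.'                                     => 3.0 ],
    [ qr'^INetMsg\.'                                                    => 2.0 ],
    [ qr'^MSRBL-Images\.'                                               => 2.1 ],
    [ qr'^MSRBL-SPAM\.'                                                 => 5.1 ],
    [ qr'^MBL_'                                                         => undef ],  # keep as infected
));

# --- Sample 2: hits add only a token score; the verdict is left to the ---
# --- rest of the spam scoring. Use instead of sample 1, not alongside. ---
@virus_name_to_spam_score_maps = (new_RE(   # the order matters!
    [ qr'^Structured\.(SSN|CreditCardNumber)\b'                         => 0.1 ],
    [ qr'^(Heuristics\.)?Phishing\.'                                    => 0.1 ],
    [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'                   => 0.1 ],
    [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.'                       => undef ],  # keep as infected
    [ qr'^Sanesecurity\.'                                               => 0.1 ],
    [ qr'^Sanesecurity_PhishBar_'                                       => 0 ],
    # Dot escaped to match the literal prefix only.
    # NOTE(review): names starting "Sanesecurity." are already taken by the
    # broader entry two lines up (0.1), so this 0 looks unreachable for them;
    # move it above that entry if a score of 0 is what is wanted.
    [ qr'^Sanesecurity\.TestSig_'                                       => 0 ],
    [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.'              => 0 ],
    [ qr'^Email\.Spammail\b'                                            => 0.1 ],
    [ qr'^MSRBL-(Images|SPAM)\b'                                        => 0.1 ],
    [ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke'                         => 0.1 ],
    [ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)'       => 0.1 ],
    [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)'                       => 0.1 ],
    [ qr'^Safebrowsing\.'                                               => 0.1 ],
    [ qr'^winnow\.(phish|spam)\.'                                       => 0.1 ],
    [ qr'^INetMsg\.SpamDomain'                                          => 0.1 ],
    [ qr'^Doppelstern\.(Scam4|Phishing)'                                => 0.1 ],
    [ qr'^ScamNailer\.Phish\.'                                          => 0.1 ],
    [ qr'^HTML/Bankish'                                                 => 0.1 ],  # F-Prot
    # Any remaining SecuriteInfo name not scored above stays infected.
    [ qr'-SecuriteInfo\.com(\.|\z)'                                     => undef ],  # keep as infected
    # The false-positive exception has to come before the MBL_ catch-all.
    [ qr'^MBL_NA\.UNOFFICIAL'                                           => 0.1 ],  # false positives
    [ qr'^MBL_'                                                         => undef ],  # keep as infected
));

# Note: neither sample includes CRDF signature names.
#
# If anyone can produce a default template then I'll add one to the website.
#
# Hope it helps,
# Steve
# Sanesecurity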