[sanesecurity] Re: Script update

  • From: Wolfgang Zeikat <wolfgang.zeikat@xxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 8 Sep 2011 22:36:16 +0200

Hi Bill and all,

On 2011-08-28 01:50, Bill Landry wrote:
> and since I rarely receive FP reports for
> the INetMsg SpamDomains signature databases, I am considering
> including one of them, as well.

For the record: we had seen so many FPs with them after we had started 
to use them that we score them lower than other unofficial databases. 
After having changed their score a long time ago, we have hardly received 
FP reports from our users containing SpamDomain hits anymore, so at 
least our hardly reporting FPs with them may be misleading.

On our 3 parallel SA hosts with ClamAV, we have seen the hits below 
between
Sun Sep  4 04:06:09 2011 and
Thu Sep  8 22:12:57 2011.

The thousands of hits with INetMsg SpamDomain-2m in those 5 days are 
somewhat exceptional: in the 3 weeks before that we had about 250 per 
host and week ...

Best regards,

wolfgang


[host2] ~ # grep UNOFFICIAL /var/log/clamav/clamd.log | awk '{print $8}' | \
> awk -F "." '{print $1,$2}' | sort | uniq -c | sort
     11 Sanesecurity Malware
     16 Doppelstern Loan
    196 Sanesecurity Junk
      1 Doppelstern Lott
      1 Sanesecurity Casino
      1 Sanesecurity Dipl
      1 Sanesecurity Rogue
      1 Sanesecurity Stk
    205 Sanesecurity Jurlbl
   2511 INetMsg SpamDomain-2m
     27 Doppelstern Junk
     29 Sanesecurity Lott
      3 Sanesecurity SpamAttach
     44 Sanesecurity Spam
      4 Sanesecurity Hdr
      4 Sanesecurity Spear
     51 Sanesecurity Phishing
     65 Doppelstern Scam4
      7 Sanesecurity ScamL
      7 Sanesecurity SpearL
   8259 INetMsg SpamDomain-2w
     89 Sanesecurity Scam4
      8 Sanesecurity SpamL
      8 ScamNailer Phish
[host3] ~ # grep UNOFFICIAL /var/log/clamav/clamd.log | awk '{print $8}' | awk -F "." '{print $1,$2}' | sort | uniq -c | sort
     14 Doppelstern Loan
     14 Sanesecurity SpearL
    161 Sanesecurity Junk
     17 Sanesecurity SpamL
      1 MBL_234274 UNOFFICIAL
      1 Sanesecurity Spam4
      1 Sanesecurity SpamAttach
      1 winnow phish
    240 Sanesecurity Jurlbl
   2416 INetMsg SpamDomain-2m
     26 Sanesecurity Lott
     27 Doppelstern Junk
      2 Sanesecurity Casino
      3 Sanesecurity Hdr
      3 Sanesecurity Rogue
      3 Sanesecurity Spear
     40 Sanesecurity Spam
     44 Sanesecurity Phishing
     55 Doppelstern Scam4
      5 Sanesecurity ScamL
      7 Sanesecurity Malware
      7 ScamNailer Phish
   8176 INetMsg SpamDomain-2w
     82 Sanesecurity Scam4
[host4] ~ # grep UNOFFICIAL /var/log/clamav/clamd.log | awk '{print $8}' | awk -F "." '{print $1,$2}' | sort | uniq -c | sort
     10 Sanesecurity Malware
     11 Sanesecurity ScamL
     11 Sanesecurity SpamL
     12 ScamNailer Phish
     14 Doppelstern Loan
    187 Sanesecurity Junk
     19 Sanesecurity Lott
      1 Doppelstern Phishing
      1 Sanesecurity Casino
      1 Sanesecurity Dipl
      1 Sanesecurity Rogue
      1 Sanesecurity Spam4
      1 Sanesecurity Stk
      1 winnow phish
    222 Sanesecurity Jurlbl
   2461 INetMsg SpamDomain-2m
      2 Sanesecurity Spear
     33 Doppelstern Junk
     39 Sanesecurity Spam
     51 Sanesecurity Phishing
     59 Doppelstern Scam4
      5 Sanesecurity Hdr
      5 Sanesecurity SpamAttach
   8204 INetMsg SpamDomain-2w
     84 Sanesecurity Scam4
      9 Sanesecurity SpearL
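
Added example, not part of the original post: a variant of the pipeline above that also buckets hits by day and sorts numerically, which shows whether a spike such as the SpamDomain-2m one is spread over the period or concentrated in a few days. It assumes clamd logs with LogTime enabled (the layout in which the signature lands in field 8); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-day hit counts for each unofficial signature family.
# Assumption: clamd logs with LogTime enabled, so a detection line reads
#   "Thu Sep  8 22:12:57 2011 -> <path>: <Signature>.UNOFFICIAL FOUND"

# Constructed sample log lines (paths and signature suffixes are made up).
sample_log() {
    cat <<'EOF'
Sun Sep  4 04:06:09 2011 -> /tmp/constructed-1: INetMsg.SpamDomain-2w.constructed1.UNOFFICIAL FOUND
Sun Sep  4 09:10:00 2011 -> /tmp/constructed-2: Sanesecurity.Junk.constructed2.UNOFFICIAL FOUND
Wed Sep  7 11:00:01 2011 -> /tmp/constructed-3: INetMsg.SpamDomain-2w.constructed3.UNOFFICIAL FOUND
Wed Sep  7 11:00:05 2011 -> /tmp/constructed-4: INetMsg.SpamDomain-2w.constructed4.UNOFFICIAL FOUND
Wed Sep  7 11:02:00 2011 -> /tmp/constructed 5: INetMsg.SpamDomain-2m.constructed5.UNOFFICIAL FOUND
Wed Sep  7 12:00:00 2011 -> /tmp/constructed-6: OK
Thu Sep  8 22:12:57 2011 -> /tmp/constructed-7: INetMsg.SpamDomain-2w.constructed7.UNOFFICIAL FOUND
EOF
}

# Read clamd log lines on stdin; print "count month day family", busiest first.
hits_per_day() {
    awk '
        /\.UNOFFICIAL FOUND$/ {
            # Signature is the second-to-last field, so a path containing
            # blanks does not shift it the way a fixed field number would.
            sig = $(NF - 1)
            split(sig, part, ".")
            # Family = first two dot-separated parts, as in the pipeline above.
            family = part[1] " " part[2]
            count[$2 " " $3 " " family]++
        }
        END {
            for (key in count) print count[key], key
        }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Run against the constructed sample; on a real host, feed the log instead:
#   hits_per_day < /var/log/clamav/clamd.log
sample_log | hits_per_day
```

The secondary sort key is plain text, so rows with equal counts are ordered alphabetically by month name rather than chronologically.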

