[sanesecurity] Re: virus_name_to_spam_score_maps

  • From: Steffen Ille <steffen@xxxxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Mon, 29 Nov 2010 09:12:31 +0100

Hello.

I still use these ones, as posted on this list some months ago:

@virus_name_to_spam_score_maps =
  (new_RE(  # the order matters!
  [ qr'^Phishing\.'                                             => 5.0 ],
  [ qr'^Structured\.(SSN|CreditCardNumber)\b'                   => 5.0 ],
  [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'             => 5.0 ],
  [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.' => undef ],# keep infected
  [ qr'^Sanesecurity\.'                                         => 5.0 ],
  [ qr'^Sanesecurity_PhishBar_'                                 => 5.0 ],
  [ qr'^Sanesecurity.TestSig_'                                  => 5.0 ],
  [ qr'^Email\.Spam\.Bounce(\.[^., ]*)*\.Sanesecurity\.'        => 5.0 ],
  [ qr'^Email\.Spammail\b'                                      => 5.0 ],
  [ qr'^MSRBL-(Images|SPAM)\b'                                  => 5.0 ],
  [ qr'^VX\.Honeypot-SecuriteInfo\.com\.Joke'                   => 5.0 ],
  [ qr'^VX\.not-virus_(Hoax|Joke)\..*-SecuriteInfo\.com(\.|\z)' => 5.0 ],
  [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)'                 => 5.0 ],
  [ qr'^Safebrowsing\.'                                         => 5.0 ],
  [ qr'^winnow\.(phish|spam)\.'                                 => 5.0 ],
  [ qr'^INetMsg\.SpamDomain'                                    => 5.0 ],
  [ qr'-SecuriteInfo\.com(\.|\z)'         => undef ],  # keep as infected
  [ qr'^MBL_NA\.UNOFFICIAL'               => 3.0 ],    # false positives
  [ qr'^MBL_'                             => undef ],  # keep as infected
));

But keep in mind that there's a newer configuration option available
which is intended to replace those old settings:
http://www.ijs.si/software/amavisd/release-notes.txt

- a new configuration variable @virus_name_to_policy_bank_maps has been
  introduced. It allows loading of policy banks based on a virus name
  as reported by virus scanners. Reported names converted to spam by a
  @virus_name_to_spam_score_maps are no longer treated as virus names
  and as such are not eligible to @virus_name_to_policy_bank_maps.

BTW: Does anyone already have a working policy bank where the above
mentioned virus_name_to_spam_score_maps settings have been "converted" to?

Cheers, Steffen




On 29.11.2010 07:44, Tom Kinghorn wrote:
>  Good morning list.
> 
> Can anyone advise as to where one may get the latest
> virus_name_to_spam_score_maps ?
> 
> Many thanks
> 
> Tom
> 
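
The "order matters" remark in the table above, as an added example (not code from the original post or from amavisd): a simplified first-match lookup over a subset of the posted patterns, run on constructed signature names. The helper names lookup_first and verdict are hypothetical.

```perl
use strict;
use warnings;

# Subset of the posted table, same relative order (first match wins).
my @table = (
  [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)' => 5.0 ],
  [ qr'^Sanesecurity\.(Malware|Rogue|Trojan)\.'     => undef ],
  [ qr'^Sanesecurity\.'                             => 5.0 ],
  [ qr'^Email\.Spam.*-SecuriteInfo\.com(\.|\z)'     => 5.0 ],
  [ qr'-SecuriteInfo\.com(\.|\z)'                   => undef ],
  [ qr'^MBL_NA\.UNOFFICIAL'                         => 3.0 ],
  [ qr'^MBL_'                                       => undef ],
);

# Simplified model of a first-match lookup: return (score, regex) of the
# first entry whose regex matches. An undef score means "keep as infected".
sub lookup_first {
  my ($name, $tbl) = @_;
  for my $entry (@$tbl) {
    my ($re, $score) = @$entry;
    return ($score, $re) if $name =~ $re;
  }
  return (undef, undef);
}

sub verdict {
  my ($name, $tbl) = @_;
  my ($score, $re) = lookup_first($name, $tbl);
  return !defined($re)    ? 'no rule matched, stays infected'
       : !defined($score) ? 'matched undef rule, stays infected'
       :                    sprintf('treated as spam, score %.1f', $score);
}

# Constructed signature names, for illustration only.
my @names = qw(
  Sanesecurity.Malware.1234.UNOFFICIAL
  Sanesecurity.Junk.5678.UNOFFICIAL
  Email.Spam.Gen42-SecuriteInfo.com.UNOFFICIAL
  Trojan.Example-SecuriteInfo.com
  MBL_NA.UNOFFICIAL
  MBL_12345.UNOFFICIAL
  Eicar-Test-Signature
);
printf "%-46s %s\n", $_, verdict($_, \@table) for @names;

# Swap the two Sanesecurity rules: the malware hit is now scored as spam.
my @swapped = @table; @swapped[1, 2] = @swapped[2, 1];
printf "%-46s %s (swapped)\n", $names[0], verdict($names[0], \@swapped);
```

With the posted order, the Sanesecurity.Malware name stays infected; with the two rules swapped, the broader `^Sanesecurity\.` pattern catches it first and it is downgraded to a spam score.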