On Tue, 19 Feb 2008, Gomes, Rich wrote:
> I have a specific need to quarantine emails coming from a particular
> email address.

A quick hack would be to make a signature that includes the address, and
some other identifying information from a mail header.

Everything you need to know is here, although not documented as nicely as
it could be:  http://www.clamav.org/doc/latest/signatures.pdf

Basically, you use "sigtool --hex-dump" to create hex signature of some
text (in this case, the email address in question), and put that into a
regular text file ending with the extension .db in your signature
directory.  (Make sure you chop off the 0a byte at the end.)

The file format is very simple.  Example:
temp.email.signature=62696c6c7940626f622e636f6d

(Whatever you want to call the signature on the left, an = sign, and then
the hex sig on the right.)

If you're going to leave it on for any length of time, you're should be at
least slightly clever and not only have the address listed, but also some
header info, to make sure you don't intercept messages TO that address or
messages that simply contain that address.

Info about wildcards is in the docs, if you need it.

Make sure you reload the databases once you make the change, if you're
using the clam daemon.

Good luck.

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Reply via email to