So if I am going to trigger on one address (i.e. [EMAIL PROTECTED]) my syntax will be:
sigtool --hex-dump [EMAIL PROTECTED] > mycustomsignature.db

Correct?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jef moskot
Sent: Tuesday, February 19, 2008 12:41 PM
To: ClamAV users ML
Subject: Re: [Clamav-users] quarantine on specific from address

On Tue, 19 Feb 2008, Gomes, Rich wrote:
> I have a specific need to quarantine emails coming from a particular
> email address.

A quick hack would be to make a signature that includes the address, and some other identifying information from a mail header.

Everything you need to know is here, although not documented as nicely as it could be:
http://www.clamav.org/doc/latest/signatures.pdf

Basically, you use "sigtool --hex-dump" to create a hex signature of some text (in this case, the email address in question), and put that into a regular text file ending with the extension .db in your signature directory. (Make sure you chop off the 0a byte at the end.)

The file format is very simple. Example:

temp.email.signature=62696c6c7940626f622e636f6d

(Whatever you want to call the signature on the left, an = sign, and then the hex sig on the right.)

If you're going to leave it on for any length of time, you should be at least slightly clever and not only have the address listed, but also some header info, to make sure you don't intercept messages TO that address or messages that simply contain that address.

Info about wildcards is in the docs, if you need it.

Make sure you reload the databases once you make the change, if you're using the clam daemon.

Good luck.

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
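
The steps from the reply above (hex-encode the text with no trailing 0a, write `Name=HexSignature`, tie the address to a header), as an added example that is not part of the original thread and not ClamAV's own code. Assumptions: `od` stands in for `sigtool --hex-dump`, the function names are hypothetical, the address is the one the thread's example hex decodes to, and the `{-N}` wildcard ("N or fewer bytes") and its default of 80 are choices made here from the ClamAV signature format.

```shell
#!/bin/sh
# Added example: build ClamAV .db lines ("Name=HexSignature") for a sender
# address. od is used here instead of sigtool (assumption of this example).

# Hex-encode the argument exactly as given. printf '%s' emits no trailing
# newline, so there is no 0a byte to chop off afterwards.
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# make_sig NAME TEXT  ->  "NAME=<hex of TEXT>"
# Matches TEXT anywhere in the message (headers or body).
make_sig() {
    case "$1" in
        ''|*=*) echo "signature name must be non-empty without '='" >&2
                return 1 ;;
    esac
    [ -n "$2" ] || { echo "empty text" >&2; return 1; }
    printf '%s=%s\n' "$1" "$(to_hex "$2")"
}

# make_from_sig NAME ADDRESS [MAXGAP]
# Ties the address to a From: header: hex("From:"), then the {-N} wildcard
# (N or fewer arbitrary bytes, room for a display name and "<"), then the
# address. The match is byte-exact, so "from:" or a differently cased
# address will not hit; a "From:" line quoted in a body still can.
make_from_sig() {
    gap=${3:-80}
    case "$1" in
        ''|*=*) echo "signature name must be non-empty without '='" >&2
                return 1 ;;
    esac
    case "$gap" in
        ''|*[!0-9]*) echo "MAXGAP must be a number" >&2; return 1 ;;
    esac
    [ -n "$2" ] || { echo "empty address" >&2; return 1; }
    printf '%s=%s{-%s}%s\n' "$1" "$(to_hex 'From:')" "$gap" "$(to_hex "$2")"
}

# Reproduces the thread's example line, then the header-anchored variant.
make_sig temp.email.signature 'billy@bob.com'
make_from_sig temp.email.from 'billy@bob.com'
```

Redirect the output into a file ending in .db in the signature directory and reload the databases, as the reply describes.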