On 5 Sep 2011, at 15:18, Matus UHLAR - fantomas wrote:
I'm trying to distinguish between phishing and other signatures on a
mail server - phishing reports should be passed to our abuse@
account, but not elsewhere.
>> Therefore, it's not possible to play with options to disable
phishing signatures detection ClamAV or use multiple clamav daemons
- I just need to distinguish them from viruses and possibly other
unwanted content.
Do you have an idea how should I detect if a mail is a phish, or any
other content (which?) that should our abuse@ teram know about?
On 06.09.11 09:08, Ian Eiloart wrote:
You can use an ACL to set a message variable, which will probably use
something vaguely like this untested
warn
malware = *
set acl_m_phish = true
condition = eq{${substr{0}{15}{$malware_name}}{Email.Phishing.}
Then, in your subsequent ACLs, you can exempt this email from
rejection
You have apparently missed out that I am NOT trying to solve HOW to
reject or allow the content, but HOW to differ between Phishing and
other content, or, WHAT content to pass to abuse@ addresses but reject
when send everywhere else.
You have only provided an example for "Email.Phishing."
Note there are also many "HTML.Phishing." signatures and there is also
one "E-Mail.Phishing." and "PDF.Phishing" and also many "Email."
"HTML." and whatever.
I guess the main problem is that whils clamav supports Phishing
detection, and maybe it can differ between phishing, virus, whatever
signatures, but the FOUND message does not tell the type of signature,
only its name.
BTW, while I have completely no idea where to configfure what you
provided above, but since it's not what I've asked for, it does not
matter.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml