Have you automated their upload to ClamAV.net using clamsubmit?

> On Sep 2, 2019, at 05:11, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> Hi there,
>
> If you've been paying even scant attention to the list mail you'll
> know that I've been doing some testing, particularly of clamd, when
> it's used for scanning mail.
>
> This is something of a side issue, but I'll throw it into the pot to see
> if anything comes of it.
>
> The testing that I'm doing is for more than one purpose; there's clamd
> itself (that is whether my patched version crashes, or whatever); and
> there's the milter which feeds it. The milter isn't the one supplied
> with ClamAV, it's one of my own written in pure Perl and it needs much
> more thrashing than it's getting at the moment because I need it to be
> reliable. And now, there's this side issue - which might blossom into
> something which I think may be more interesting - the potential for an
> automated submission system for messages which are certainly spam, but
> for which the databases don't have a matching signature. It could go
> well beyond that, but right now I don't want to get ahead of myself.
>
> There seems to be some kind of a spammer campaign at the moment which
> uses IPs from all over the planet to attempt to send much the same
> kind of message. Normally I wouldn't see these messages, they'd be
> rejected at the CONNECT stage after the connecting IP had been found
> in nearly a dozen DNS block lists. But I'm desperate for more traffic
> to test clamd and my milter, so I've configured the milter to allow a
> message which has already triggered a REJECT response to reach all the
> way to End Of Message, so that clamd can scan it. Then, after logging
> the message text, even if clamd says "OK", I'll reject it anyway. If
> nothing else it might slow them down a little. :)
>
> So I'm flagging up quite a few messages which are guaranteed spam, but
> which aren't in any of the third-party databases that I'm using. The
> successes are all 'Sanesecurity.Junk.NNNNN', where 'NNNNN' is usually
> a five-digit number beginning with '5'. The detection success rate is
> in the region of 35% at present, so I'm collecting ~two out of three.
>
> My milter can very easily process these messages, in any way, and then
> send them, or the results of this processing, in any format and by any
> means, to anyone who'd like to have that information. Once set up, it
> could do it all in real time, without manual intervention at my end.
>
> Any takers?
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
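
Added example, not part of either message and not Ged's Perl milter: a Python sketch of the flow the quoted mail describes, where a message that already earned a REJECT is held until End Of Message, scanned through clamd's INSTREAM command, rejected regardless, and queued for submission only when clamd answers OK. The clamd address, the function names, the tempfail policy and the sample signature number in the comments are assumptions made for this example.

```python
import socket
import struct

def instream_frames(message: bytes, chunk: int = 8192):
    """Yield the frames of one clamd INSTREAM request."""
    yield b"zINSTREAM\0"                        # 'z' = NUL-terminated command and reply
    for i in range(0, len(message), chunk):
        part = message[i:i + chunk]
        yield struct.pack("!I", len(part)) + part   # 4-byte big-endian length, then data
    yield struct.pack("!I", 0)                  # zero-length chunk ends the stream

def scan(message: bytes, addr=("127.0.0.1", 3310)):
    """Send one message to clamd over TCP (address is an assumption); return the raw reply."""
    with socket.create_connection(addr, timeout=30) as s:
        for frame in instream_frames(message):
            s.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):
            data = s.recv(4096)
            if not data:
                break
            reply += data
        return reply

def parse_reply(reply: bytes):
    """Map a clamd reply to (status, detail), e.g. 'stream: Sanesecurity.Junk.51234 FOUND'."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    if text.endswith(" FOUND"):
        return "FOUND", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "OK", None
    return "ERROR", text

def triage(already_rejected: bool, reply: bytes):
    """Return (smtp_action, queue_for_submission, signature) for one scanned message."""
    status, detail = parse_reply(reply)
    if already_rejected or status == "FOUND":
        action = "reject"        # blocklisted senders are rejected whatever clamd says
    elif status == "ERROR":
        action = "tempfail"      # policy chosen for this example
    else:
        action = "accept"
    queue = already_rejected and status == "OK"   # certain spam, no signature matched
    return action, queue, detail if status == "FOUND" else None
```

A milter would call `triage(dnsbl_listed, scan(raw_message))` at End Of Message and write the message to a submission spool when the second element is true.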