Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-14 Thread Dennis Peterson
Does SA scan attachments now? dp On 2/14/19 8:07 AM, Alessandro Vesely wrote: On Sat 09/Feb/2019 00:07:28 +0100 Gene Heskett wrote: Has anyone rigged clamd to check what looks like questionable links contained in incoming emails? It seems over the last 2 weeks my spam has tripled, and I suspec

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-14 Thread Eric Tykwinski
> -Original Message- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Alessandro Vesely > Sent: Thursday, February 14, 2019 11:08 AM > > Shouldn't that be done with SA? > http://uribl.com/usage.shtml It really depends on your goal. For me I use ClamAV to

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-14 Thread Alessandro Vesely
On Sat 09/Feb/2019 00:07:28 +0100 Gene Heskett wrote: > > Has anyone rigged clamd to check what looks like questionable links > contained in incoming emails? It seems over the last 2 weeks my spam has > tripled, and I suspect the real payload is in the urls in the message. Shouldn't that be don

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-10 Thread Gene Heskett
On Sunday 10 February 2019 13:08:59 G.W. Haywood wrote: > Hello again, > > On Sun, 10 Feb 2019, Gene Heskett wrote: > > most of what gets my attention comes from local to the US servers > > Well the USA _is_ the world's number one spam source. :( > > > , like earthlink. > > In addition to DNSBL st

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-10 Thread G.W. Haywood
Hello again, On Sun, 10 Feb 2019, Gene Heskett wrote: most of what gets my attention comes from local to the US servers Well the USA _is_ the world's number one spam source. :( , like earthlink. In addition to DNSBL stuff I operate ten local blacklists - see my blacklist list below. Eart

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-10 Thread Dennis Peterson
Best practice has always been least-expensive first and incrementally more expensive to follow. This begins with iptables (essential regardless of expense), tcpwrappers, DenyHosts, Fail2Ban, grey listing, country-code tables, access tables (sendmail and Postfix), multilayer milters, finally, AV

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-10 Thread J.R.
Trying not to get too far off topic, but I wanted to add if you reject based on the hostname of the mail server that can also drop an overwhelming majority of the spam. The most basic test is to see if the IP resolves to anything. Next, does the hostname contain any red flags, like: dhcp, dynamic,

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-09 Thread Gene Heskett
On Saturday 09 February 2019 12:47:11 G.W. Haywood wrote: > Hi there, > > On Sat, 9 Feb 2019, Gene Heskett wrote: > > Has anyone rigged clamd to check what looks like questionable links > > contained in incoming emails? It seems over the last 2 weeks my spam > > has tripled, and I suspect the real

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-09 Thread G.W. Haywood
Hi there, On Sat, 9 Feb 2019, Gene Heskett wrote: Has anyone rigged clamd to check what looks like questionable links contained in incoming emails? It seems over the last 2 weeks my spam has tripled, and I suspect the real payload is in the urls in the message. Trawl the logs to see where it

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-09 Thread Gene Heskett
On Saturday 09 February 2019 08:46:52 J.R. wrote: > > Has anyone rigged clamd to check what looks like questionable links > > contained in incoming emails? It seems over the last 2 weeks my spam > > has tripled, and I suspect the real payload is in the urls in the > > message. > > > > Or is this s

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-09 Thread J.R.
> Has anyone rigged clamd to check what looks like questionable links > contained in incoming emails? It seems over the last 2 weeks my spam has > tripled, and I suspect the real payload is in the urls in the message. > > Or is this so time consuming and bandwidth wasting its not worth it? There a

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-08 Thread Arnaud Jacques
Hello, javascript.ndb and spam_marketing.ndb could help too : https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml Le 09/02/2019 à 00:47, Eric Tykwinski a écrit : Check out SaneSecurity: https://sanesecurity.com/usage/signature

Re: [clamav-users] Using clamav to test for bad links in incoming emails

2019-02-08 Thread Eric Tykwinski
Check out SaneSecurity: https://sanesecurity.com/usage/signatures/ Specifically: phish, winnow_phish_complete_url I’m sure there’s others as well. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 > On Feb 8, 2019, at 6:07 PM, Gene Heskett wro