Filtering PDF-/XLS-/Image-Spam With ClamAV (And ISPConfig) On Debian/Ubuntu


gerald_309 Gerald

Jul 26, 2007, 7:14:02 PM7/26/07
to BCPCNet-NewsGrp, bcpcgroup, BCPCGroupOrg, AntiSpyGrp, SpyLerts-YahGrps, Spy-LertsGgleGrps, spyware-removal
Filtering PDF-/XLS-/Image-Spam With ClamAV (And ISPConfig) On Debian/Ubuntu www.LinuxSecurity.com
LinuxSecurity.com: In our never-ending battle against spam, our opponents have decided to play the espionage route and disguise themselves as .pdf and .xls files. This shady tactic has become a trend of its own, resulting in all the recent postings of spam battling notes. This most recent article provides a how-to on setting up ClamAv to counter these new spam signatures. Get this before THEY come running wild on YOU! 
7/25/2007 7:16 AM
Source: HowtoForge - Posted by Eckie Silapaswang   

Read this full article at HowtoForge

http://www.howtoforge.com/ispconfig_sanesecurity_clamav_debian_ubuntu


Filtering PDF-/XLS-/Image-Spam With ClamAV (And ISPConfig) On Debian/Ubuntu

Version 1.0
Author: Till Brehm <t [dot] brehm [at] projektfarm [dot] com>
Last edited 07/23/2007

There is currently a lot of spam where the spam "information" is attached as .pdf or .xls files, sometimes also hidden inside a .zip file. While these spam mails are not easy to catch with e.g. SpamAssassin or a Bayes filter, the ClamAV virus scanner can catch them easily when it is fed with the correct signatures, as ClamAV is built to scan mail attachments.

The website Sanesecurity (http://sanesecurity.co.uk) provides up-to-date signatures for these types of emails, including image spam. The following guide will show you how to install the spam, phishing, scam and image signatures from sanesecurity.co.uk and MSRBL into your ISPConfig ClamAV installation under Debian or Ubuntu Linux.

If you want to use the Sanesecurity signatures without ISPConfig, have a look at the explanations at the end of the tutorial.


Install Some Prerequisites

apt-get install gzip curl rsync

Now download the update script for the Sanesecurity signatures. The original script has been written by Bill Landry and is available here: http://www.sanesecurity.co.uk/clamav/usage.htm. I've modified the path variables to suit an ISPConfig installation - the modified script is available here: http://www.ispconfig.org/downloads/scripts/sanesecurity_update.sh.

cd /usr/bin
wget http://www.ispconfig.org/downloads/scripts/sanesecurity_update.sh
chmod +x sanesecurity_update.sh

Now we run the update script to check if the download works:

./sanesecurity_update.sh

The result should look similar to this:

-----------------------------------------------------------------------------
=================================
SaneSecurity SCAM Database Update
=================================

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 116k 100 116k 0 0 65448 0 0:00:01 0:00:01 --:--:-- 139k

==================================
SaneSecurity PHISH Database Update
==================================

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 179k 100 179k 0 0 216k 0 --:--:-- --:--:-- --:--:-- 216k

==========================
MSRBL SPAM Database Update
==========================

Number of files: 1
Number of files transferred: 1
Total file size: 228436 bytes
Total transferred file size: 228436 bytes
Literal data: 228436 bytes
Matched data: 0 bytes
File list size: 33
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 101
Total bytes received: 228579

sent 101 bytes received 228579 bytes 26903.53 bytes/sec
total size is 228436 speedup is 1.00

===========================
MSRBL IMAGE Database Update
===========================

Number of files: 1
Number of files transferred: 1
Total file size: 550503 bytes
Total transferred file size: 550503 bytes
Literal data: 550503 bytes
Matched data: 0 bytes
File list size: 35
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 103
Total bytes received: 550688

sent 103 bytes received 550688 bytes 157368.86 bytes/sec
total size is 550503 speedup is 1.00

-----------------------------------------------------------------------------

Now we add the script to the root crontab so that it is run once a day:

crontab -e

Add the following line at the end of the root crontab:

53 04 * * * /usr/bin/sanesecurity_update.sh &> /dev/null

The script is executed at 04:53 AM; please shift the time a bit in your configuration to keep the load on the download server low.


Using Sanesecurity Signatures Without ISPConfig

If you want to use the Sanesecurity signatures without ISPConfig, you will have to customize the download script to match your ClamAV installation.

Download the original script from here:

http://www.sanesecurity.co.uk/clamav/ss-msrbl.sh

Edit the following variables to match your installation:

clam_sigs="/var/lib/clamav"

The variable clam_sigs contains the path to the directory where your ClamAV signatures are stored.

clam_user="clamav"

The variable clam_user contains the username under which your ClamAV or clamd is executed.


Copyright © 2007 Till Brehm
All Rights Reserved.


gerald_309 www.icq.com msgr#222611982
Webmaster:
www.BlueCollarPC.Net
Groups/Forums Computing Safety, Threats Removal

#####SPY-LERTS FROM BLUECOLLARPC.NET#####
Mail List:
spy-...@bluecollarpc.net
Subscribe: spy-lerts...@bluecollarpc.net
Unsubscribe: spy-lerts-...@bluecollarpc.net
List Owner: postm...@bluecollarpc.net
List Information: http://www.bluecollarpc.net/spy-lerts.html
SPF Protected (Sender Authentication) http://spf.pobox.com
MODERATOR ANNOUNCEMENT ONLY LIST / NO REPLY
*****Moderated List, Internal Anti-Virus Protected*****
