
Use SaneSecurity ClamAV Signatures to Filter Out Scam and Phishing Emails

ClamAV is probably the most popular open source antivirus software for Linux. At this time it contains 153727 signatures that will detect most viruses, and the signatures are updated regularly, which allows many mail servers to filter out viruses before they even reach users' mailboxes.

This post will show how easy it is to install and use SaneSecurity's third-party ClamAV signatures to extend ClamAV's built-in antivirus protection with scam and phishing filtering. This can be very useful, as these types of emails can be hard to detect with common antispam rules (SpamAssassin, for example): think of the latest PDF spam, or phishing mails that are not always easy to detect. These will be filtered out directly by ClamAV, which normally runs before the antispam measures.

These rules are provided and maintained by SaneSecurity, and they are used by more and more people (including specialized companies: Barracuda Networks appears to be using SaneSecurity's signature databases in its Barracuda Spam Firewall).

The installation and usage is very simple:
  1. We can manually download the SaneSecurity Phishing Signatures and SaneSecurity Scam Signatures from their download page and drop them in the ClamAV signatures folder (normally /var/lib/clamav, but check your clamd.conf for your DatabaseDirectory location). They will be used right away (if you are using clamd, it will need a reload to be notified of the db changes, or you can wait for the SelfCheck timer to expire and it will do that automatically).
  2. We can use one of the several scripts from their usage page to download the signatures initially and then keep them updated regularly using cron.

Normally we would like to use the second option, as we will then always have the latest SaneSecurity rules. Check out the usage page and choose the script you think is best for you.
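
The manual route from step 1, written out as a script. This is an added example, not code from the original post or from SaneSecurity: it reads DatabaseDirectory from clamd.conf, load-tests each already-downloaded signature file with clamscan, installs it by atomic rename, and asks clamd to reload. The /etc/clamav/clamd.conf path and the CLAMD_CONF variable are assumptions; pass the signature files as arguments.

```shell
#!/bin/sh
# Added example (not from the original post). Installs already-downloaded
# third-party signature files into ClamAV's DatabaseDirectory.

# Print the DatabaseDirectory set in the given clamd.conf; fall back to the
# usual /var/lib/clamav when the file or the directive is absent.
get_db_dir() {
    dir=""
    if [ -r "$1" ]; then
        dir=$(awk '$1 == "DatabaseDirectory" { print $2; exit }' "$1")
    fi
    printf '%s\n' "${dir:-/var/lib/clamav}"
}

# Load the signature file on its own and scan an empty file with it.
# clamscan exits 2 on errors, which includes a database it cannot parse.
verify_sig() {
    empty=$(mktemp) || return 1
    clamscan --quiet --database="$1" "$empty"
    rc=$?
    rm -f "$empty"
    [ "$rc" -eq 0 ]
}

# Copy to a temp file inside the target directory, then rename it into
# place, so a half-written signature file never appears under its real name.
install_sig() {
    src=$1 dbdir=$2
    [ -s "$src" ] || { echo "empty or missing: $src" >&2; return 1; }
    [ -d "$dbdir" ] || { echo "no such directory: $dbdir" >&2; return 1; }
    tmp=$(mktemp "$dbdir/.sigtmp.XXXXXX") || return 1
    if cp "$src" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dbdir/$(basename "$src")"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

main() {
    dbdir=$(get_db_dir "${CLAMD_CONF:-/etc/clamav/clamd.conf}")  # assumed path
    for f in "$@"; do
        verify_sig "$f" || { echo "rejected: $f" >&2; return 1; }
        install_sig "$f" "$dbdir" || return 1
    done
    clamdscan --reload   # tell clamd now instead of waiting for SelfCheck
}

# Only act when signature files are given on the command line.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as a user that can write to the database directory; a file that fails the clamscan load test is rejected before anything is installed or reloaded.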

