Educause Security Discussion mailing list archives
Re: .edu email phishing
From: Dave Koontz <dkoontz () MBC EDU>
Date: Wed, 2 Apr 2008 17:48:53 -0400
Remember, the signatures themselves don't block messages. Sounds like your MTA is somehow configured to do so based upon scan results. Typically, these are used to increase the spam weight score of a given message. Combined with other rules like AWL, Bayesian and whitelists, they should pose no problem. I've never once missed a message here as a result nor been removed from any lists.

A couple of my SpamAssassin rules are:

meta CLAMAV_SANE (CLAMAV && __CLAMAV_SANE)
describe CLAMAV_SANE SPAM found by ClamAV SaneSecurity signatures
score CLAMAV_SANE 5.0

meta CLAMAV_MBL (CLAMAV && __CLAMAV_MBL)
describe CLAMAV_MBL Malware found by ClamAV MBL signatures
score CLAMAV_MBL 3.0

meta CLAMAV_MSRBL (CLAMAV && __CLAMAV_MSRBL)
describe CLAMAV_MSRBL SPAM found by ClamAV MRSBL signatures
score CLAMAV_MSRBL 2.0

Mike Iglesias wrote:
Dave Koontz wrote:

Tim, if you are running Barracuda (Spam Assassin) with ClamAV, check out Sane Security's Phishing and Scam signatures. They do a great job of catching these phishing messages and most of the others out there (like eBay, banks, etc.) Just schedule an update to run periodically.

http://www.sanesecurity.co.uk/clamav/downloads.htm

We've started using these signatures recently, and they are working. They work a little *too* well, and have caused some of us to be dropped from some mailing lists (like this one) because people are posting the phishing email messages that have been sent to their campuses to the list (which I'm not complaining about), the Sane Security rules catch them, and the email is rejected during delivery. After some number of delivery failures, Listserv drops you from the list.

So either subscribe using an email address that doesn't get run thru the rules or exempt this list (and any others that might have sample phishing email posted to them) from rule checking.
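The difference between scoring on a signature hit and rejecting on it, worked through with the meta rules posted above. This is an added example, not code from the thread or from SpamAssassin: the sets of fired sub-rules are constructed, the 5.0 threshold is SpamAssassin's default required_score, and USER_IN_WHITELIST at -100 stands in for a whitelisted list sender.

```python
# Rules as posted in the message above (describe lines omitted).
RULES = """\
meta CLAMAV_SANE (CLAMAV && __CLAMAV_SANE)
score CLAMAV_SANE 5.0
meta CLAMAV_MBL (CLAMAV && __CLAMAV_MBL)
score CLAMAV_MBL 3.0
meta CLAMAV_MSRBL (CLAMAV && __CLAMAV_MSRBL)
score CLAMAV_MSRBL 2.0
"""

def parse_rules(text):
    """Return ({meta_name: expression}, {rule_name: score})."""
    metas, scores = {}, {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        kind, name, rest = parts
        if kind == "meta":
            metas[name] = rest
        elif kind == "score":
            scores[name] = float(rest)
    return metas, scores

def meta_fires(expr, fired):
    """Handles only the "(A && B)" conjunction form used in the posted rules."""
    names = [n.strip() for n in expr.strip("() ").split("&&")]
    return all(n in fired for n in names)

def score_message(fired, extra_scores=None, threshold=5.0):
    """Sum the scores of every rule that hit; return (total, flagged_as_spam)."""
    metas, scores = parse_rules(RULES)
    scores.update(extra_scores or {})  # assumption: scores for non-ClamAV rules
    hits = set(fired)
    hits |= {name for name, expr in metas.items() if meta_fires(expr, hits)}
    total = sum(scores.get(h, 0.0) for h in hits)
    return total, total >= threshold

WHITELIST = {"USER_IN_WHITELIST": -100.0}  # assumption: list sender whitelisted

if __name__ == "__main__":
    # Constructed cases: a phish received directly, and the same sample
    # reposted to a mailing list whose sender address is whitelisted.
    direct = {"CLAMAV", "__CLAMAV_SANE"}
    print("direct phish:", score_message(direct, WHITELIST))
    print("list repost: ", score_message(direct | {"USER_IN_WHITELIST"}, WHITELIST))
    print("MSRBL only:  ", score_message({"CLAMAV", "__CLAMAV_MSRBL"}, WHITELIST))
```

An MTA that rejects on any ClamAV hit never reaches this arithmetic, which is why the list repost bounces there but is delivered when the hit only contributes a score.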