scamnailer
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: scamnailer
Oooh..this looks very interesting.
Currently EFA does not have these.
I am going to give this a try and report back. We may want to include these in an upcoming release.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: scamnailer
Hmm...the scamNailer script seems to fail for me...going to try the clamav signature instead
I am working with: Current: 2014-053 - 16 and Status: -1 - -1
This is base update
Unable to retrieve http://www.mailscanner.tv/emails..2014-053 :404 Not Found
Update required
Retrieving http://www.mailscanner.tv/emails.2014-053.1
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.1 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.2
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.2 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.3
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.3 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.4
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.4 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.5
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.5 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.6
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.6 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.7
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.7 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.8
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.8 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.9
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.9 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.10
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.10 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.11
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.11 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.12
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.12 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.13
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.13 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.14
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.14 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.15
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.15 at ./ScamNailer-2.09 line 276.
Retrieving http://www.mailscanner.tv/emails.2014-053.16
Failed to retrieve http://www.mailscanner.tv/emails.2014-053.16 at ./ScamNailer-2.09 line 276.
Unable to open base file (/var/cache/ScamNailer/cache//2014-053)
Re: scamnailer
I think the fastest and simplest way to integrate into EFA is via the clamav way...
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: scamnailer
Yep, just downloaded the rules and dropped them in. Looks like it is working. It just caught a fake Bank of America alert that was fake.
Going to add this as an enhancement.
Re: scamnailer
very simple script to update:
/usr/local/bin/clamav-scamnailer-sigs.sh:
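#!/bin/sh
# Download the ScamNailer signature file into the ClamAV database directory.
url="http://www.mailscanner.eu/scamnailer.ndb"
wget="/usr/bin/wget"
target_dir="/var/clamav"
output_file="scamnailer.ndb"
clam_user="clamav:clamav"
# Download to a temporary name so a failed fetch does not truncate the live file.
if "$wget" --quiet "$url" -O "$target_dir/$output_file.tmp" ; then
    chown "$clam_user" "$target_dir/$output_file.tmp"
    mv "$target_dir/$output_file.tmp" "$target_dir/$output_file"
else
    rm -f "$target_dir/$output_file.tmp"
    exit 1
fi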
put somewhere in /etc/cron.d:
55 * * * * root /usr/local/bin/clamav-scamnailer-sigs.sh >> /var/log/clamav-scamnailer-sigs.log 2>&1
Don't know if clamd needs to be informed that the sigs should be reloaded.
Thx
Re: scamnailer
Better script to avoid re-download of the same file:
#!/bin/sh
# Fetch scamnailer.ndb only when the remote copy is newer (wget -N), then install it.
url="http://www.mailscanner.eu/scamnailer.ndb"
wget="/usr/bin/wget"
target_dir="/var/clamav"
output_file="scamnailer.ndb"
clam_user="clamav:clamav"
tmp_dir="/var/cache/scamnailer"
start_date=`date`
mkdir -p "$tmp_dir"
cd "$tmp_dir" || exit 1
echo "Getting signature file from scamnailer site ..."
# Stop here if wget itself fails, so a stale or missing file is never copied.
if ! "$wget" "$url" -N > "$tmp_dir/log" 2>&1 ; then
    echo "Download failed, see $tmp_dir/log"
    exit 1
fi
echo "done."
# The log contains "not retrieving" when wget -N skipped the download.
result=`grep -ci 'not retrieving' "$tmp_dir/log"`
if [ "$result" -eq 1 ] ; then
    stop_date=`date`
    echo "Remote sig $output_file is like the local one: NO DOWNLOAD. EXIT NOW"
    echo "Start Update Date: $start_date"
    echo "Finish Update Date: $stop_date"
    exit 1
fi
echo "Copying new $output_file to $target_dir ..."
cp "$tmp_dir/$output_file" "$target_dir"
chown "$clam_user" "$target_dir/$output_file"
echo "done."
stop_date=`date`
echo "Start Update Date: $start_date"
echo "Finish Update Date: $stop_date"
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: scamnailer
Great! I'll add this to the enhancements.
Re: scamnailer
Hi,
Actually, you can skip the script.
Just add this line in freshclam.conf
DatabaseCustomURL http://www.mailscanner.eu/scamnailer.ndb
During freshclam update it will also check for this file, test and then trigger clamd to re-read the ndb(s).
Regards,
Michael
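Added example, not part of the original thread: the post above says freshclam tests a database before clamd re-reads it, and a script-based updater can run a comparable check before copying the file into place. The `check_ndb` and `install_ndb` helpers and the sample lines are hypothetical, and the field layout `Name:TargetType:Offset:HexSig[:MinFL[:MaxFL]]` is the assumed .ndb format.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed .ndb line layout:
#   Name:TargetType:Offset:HexSig[:MinFL[:MaxFL]]

# check_ndb FILE: return 0 only if FILE is non-empty and every non-blank line
# looks like a signature; an HTML error page or a truncated line fails.
check_ndb() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    awk -F: '
        /^[[:space:]]*$/    { next }             # ignore blank lines
        NF < 4 || NF > 6    { bad = NR; exit }   # wrong number of fields
        $1 == ""            { bad = NR; exit }   # signature name required
        $2 !~ /^[0-9]+$/    { bad = NR; exit }   # target type is numeric
        $3 == ""            { bad = NR; exit }   # offset required
        # Conservative: hex digits plus common wildcard characters only.
        $4 !~ /^[0-9A-Fa-f?*{}()|!-]+$/ || length($4) < 4 { bad = NR; exit }
        { good++ }
        END {
            if (bad) {
                printf "line %d is not a valid signature\n", bad > "/dev/stderr"
                exit 1
            }
            if (!good) exit 1
        }
    ' "$1"
}

# install_ndb CANDIDATE TARGET: copy into place only when the check passes.
# The copy goes to a temporary name first so clamd never reads a partial file.
install_ndb() {
    check_ndb "$1" || return 1
    cp "$1" "$2.new" && mv "$2.new" "$2"
}

# Constructed sample input (not real ScamNailer data):
# one well-formed file and one HTML error page saved as a database.
demo=$(mktemp -d)
printf 'Example.Sig.1:4:*:68656c6c6f40\n' > "$demo/good.ndb"
printf '<html>404 Not Found</html>\n' > "$demo/bad.ndb"
check_ndb "$demo/good.ndb" && echo "good.ndb accepted"
check_ndb "$demo/bad.ndb" 2>/dev/null || echo "bad.ndb rejected"
rm -rf "$demo"
```

In an updater script, `install_ndb` would take the place of the plain `cp`, followed by the same `chown` as before.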
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: scamnailer
Good, but actually it depends on how you update the signatures.
There seem to be 2 methods that run in parallel:
1) freshclam
2) mailscanner scripts
In my opinion it is better to use the "standard" mailscanner way.
In this case, if the mailscanner script is simply a wrapper around freshclam, customdburl should work.
Re: scamnailer
So what is the current status of scamnailer inclusion?
Is scamnailer included in EFA 3.0.1.1?
How is it fetched and updated?
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: scamnailer
Scamnailer is there.
Check /var/log/clamav-unofficial-sigs.log for details