scamnailer

buzzzo · Post by **buzzzo** » 05 Feb 2014 17:50

Hi

Does EFA contains the scamnailer defs ?
See: http://www.scamnailer.info/

Thx

Post by **shawniverson** » 05 Feb 2014 18:09

Oooh..this looks very interesting.

Currently EFA does not have these.

I'm am going to give this a try and report back. We may want to include these in an upcoming release.

Post by **shawniverson** » 05 Feb 2014 18:24

buzzzo · Post by **buzzzo** » 05 Feb 2014 18:32

I think the fastest and simplier way to integrate into EFA is via the clamav way...

buzzzo · Post by **buzzzo** » 05 Feb 2014 18:33

I think the fastest and simplier way to integrate into EFA is via the clamav way...

Post by **shawniverson** » 05 Feb 2014 19:41

Yep, just downloaded the rules and dropped them in. Looks like it is working. It just caught a fake Bank of America alert that was fake.

Going to add this as an enhancement.

buzzzo · Post by **buzzzo** » 06 Feb 2014 09:17

very simple script to update:

/usr/local/bin/clamav-scamnailer-sigs.sh:

#!/bin/sh

url="http://www.mailscanner.eu/scamnailer.ndb"
wget="/usr/bin/wget"
target_dir="/var/clamav"
output_file="scamnailer.ndb"
clam_user="clamav:clamav"

$wget --quiet $url -O "$target_dir/$output_file"
chown $clam_user "$target_dir/$output_file"

put somewhere in /etc/cron.d:

55 * * * * root /usr/local/bin/clamav-scamnailer-sigs.sh >> /var/log/clamav-scamnailer-sigs.log 2>&1

Don't know if clamd needs to be informed that the sigs should be reloaded.

Thx

buzzzo · Post by **buzzzo** » 10 Feb 2014 14:52

Better script to avoid re-download of the same file:

#!/bin/sh

url="http://www.mailscanner.eu/scamnailer.ndb"
wget="/usr/bin/wget"
target_dir="/var/clamav"
output_file="scamnailer.ndb"
clam_user="clamav:clamav"
tmp_dir="/var/cache/scamnailer"

start_date=`date`

mkdir -p $tmp_dir
cd $tmp_dir

echo "Getting signature file from scamnailer site ..."
$wget $url -N > $tmp_dir/log 2>&1
echo "done."

result=`cat $tmp_dir/log | grep -i 'not retrieving' | wc -l`

if [ $result -eq "1" ] ; then
stop_date=`date`
echo "Remote sig $output_file is like the local one: NO DOWNLOAD. EXIT NOW"

echo "Start Update Date: $start_date"
echo "Finish Update Date: $stop_date"

exit 1
fi

echo "Copying new $output_file to $target_dir ..."
cp "$tmp_dir/$output_file" $target_dir
chown $clam_user "$target_dir/$output_file"
echo "done."

stop_date=`date`

echo "Start Update Date: $start_date"
echo "Finish Update Date: $stop_date"

Post by **shawniverson** » 10 Feb 2014 21:29

Great! I'll add this to the enhancements.

Michaelv · Post by **Michaelv** » 02 May 2014 05:53

Hi,

Actually, you can skip the script.

Just add this line in freshclam.conf
DatabaseCustomURL http://www.mailscanner.eu/scamnailer.ndb

During freshclam update it will also check for this file, test and then trigger clamd to re-read the ndb(s).

Regards,

Michael

Post by **shawniverson** » 03 May 2014 18:08

https://github.com/E-F-A/v3/issues/45

buzzzo · Post by **buzzzo** » 03 May 2014 18:16

Good but actually it depends from how you update the sign.

Seems to be 2 method that runs in parallel:

1) freshclam
2) mailscanner scripts

In my opinion is better to use the "standard" mailscanner way.
In this case if the mailscanner script is simply a wrapper around freshclam so customdburl should work.

ovizii · Post by **ovizii** » 13 May 2016 11:34

So what is the current status of scamnailer inclusion?
Is scamnailer included in EFA 3.0.1.1?
How is it fetched and updated?

Post by **shawniverson** » 14 May 2016 15:18

Scamnailer is there.

Check /var/log/clamav-unofficial-sigs.log for details

efa-project.org

scamnailer

scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer