efa-project.org

Posted: **05 Feb 2014 17:50**

Hi

Does EFA contains the scamnailer defs ?
See: http://www.scamnailer.info/

Thx

Posted: **05 Feb 2014 18:09**

Oooh..this looks very interesting.

Currently EFA does not have these.

I'm am going to give this a try and report back. We may want to include these in an upcoming release.

Posted: **05 Feb 2014 18:24**

Posted: **05 Feb 2014 18:32**

I think the fastest and simplier way to integrate into EFA is via the clamav way...

Posted: **05 Feb 2014 18:33**

I think the fastest and simplier way to integrate into EFA is via the clamav way...

Posted: **05 Feb 2014 19:41**

Yep, just downloaded the rules and dropped them in. Looks like it is working. It just caught a fake Bank of America alert that was fake.

Going to add this as an enhancement.

Posted: **06 Feb 2014 09:17**

very simple script to update:

/usr/local/bin/clamav-scamnailer-sigs.sh:

#!/bin/sh

url="http://www.mailscanner.eu/scamnailer.ndb"
wget="/usr/bin/wget"
target_dir="/var/clamav"
output_file="scamnailer.ndb"
clam_user="clamav:clamav"

$wget --quiet $url -O "$target_dir/$output_file"
chown $clam_user "$target_dir/$output_file"

put somewhere in /etc/cron.d:

55 * * * * root /usr/local/bin/clamav-scamnailer-sigs.sh >> /var/log/clamav-scamnailer-sigs.log 2>&1

Don't know if clamd needs to be informed that the sigs should be reloaded.

Thx

Posted: **10 Feb 2014 14:52**

Better script to avoid re-download of the same file:

#!/bin/sh

url="http://www.mailscanner.eu/scamnailer.ndb"
wget="/usr/bin/wget"
target_dir="/var/clamav"
output_file="scamnailer.ndb"
clam_user="clamav:clamav"
tmp_dir="/var/cache/scamnailer"

start_date=`date`

mkdir -p $tmp_dir
cd $tmp_dir

echo "Getting signature file from scamnailer site ..."
$wget $url -N > $tmp_dir/log 2>&1
echo "done."

result=`cat $tmp_dir/log | grep -i 'not retrieving' | wc -l`

if [ $result -eq "1" ] ; then
stop_date=`date`
echo "Remote sig $output_file is like the local one: NO DOWNLOAD. EXIT NOW"

echo "Start Update Date: $start_date"
echo "Finish Update Date: $stop_date"

exit 1
fi

echo "Copying new $output_file to $target_dir ..."
cp "$tmp_dir/$output_file" $target_dir
chown $clam_user "$target_dir/$output_file"
echo "done."

stop_date=`date`

echo "Start Update Date: $start_date"
echo "Finish Update Date: $stop_date"

Posted: **10 Feb 2014 21:29**

Great! I'll add this to the enhancements.

Posted: **02 May 2014 05:53**

Hi,

Actually, you can skip the script.

Just add this line in freshclam.conf
DatabaseCustomURL http://www.mailscanner.eu/scamnailer.ndb

During freshclam update it will also check for this file, test and then trigger clamd to re-read the ndb(s).

Regards,

Michael

Posted: **03 May 2014 18:08**

https://github.com/E-F-A/v3/issues/45

Posted: **03 May 2014 18:16**

Good but actually it depends from how you update the sign.

Seems to be 2 method that runs in parallel:

1) freshclam
2) mailscanner scripts

In my opinion is better to use the "standard" mailscanner way.
In this case if the mailscanner script is simply a wrapper around freshclam so customdburl should work.

Posted: **13 May 2016 11:34**

So what is the current status of scamnailer inclusion?
Is scamnailer included in EFA 3.0.1.1?
How is it fetched and updated?

Posted: **14 May 2016 15:18**

Scamnailer is there.

Check /var/log/clamav-unofficial-sigs.log for details

efa-project.org

scamnailer

scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer

Re: scamnailer