Michael sent me a link to Sanesecurity’s Phishing and Scam Signatures for the excellent Clam AntiVirus toolkit, which I have tentatively applied to our installation. The results are phenomenal, and we are dropping useless PDF files and other scam attachments at quite a good rate. The first day shows:

190 Email.Stk.Gen592.Sanesecurity.07071801.pdf
172 Email.Stk.Gen628.Sanesecurity.07080703
149 Email.Stk.Gen606.Sanesecurity.07080101.pdf
131 Email.Stk.Gen592.Sanesecurity.07071801.pdf
26 MSRBL-Images/0-0-wfTb
13 MSRBL-Images/0-0-wfTb
3 Html.Phishing.Auction.Gen209.Sanesecurity.06072501
1 MSRBL-SPAM.SpamBlowBack.URL.753
1 MSRBL-Images/3-0-_Hw
1 MSRBL-Images/0-0-wfma
1 MSRBL-Images/0-0-wfWq
1 Email.Stk.Gen621.Sanesecurity.07080603
1 Email.Img.Gen140.Sanesecurity.07080501

The site has a few scripts which can be used to download the required files periodically (don’t overdo it: every four or five hours should be more than enough). The script I use sets file permissions and does syslog logging, which is practical. Even though this has been in use for only a day, I can highly recommend these signatures; not a false positive detected yet.
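
The install step such an update script has to get right, as an added example (this is not the script from the Sanesecurity site, nor the one in use here). The file name example.ndb, the SIG_URL variable, the database path and the sigupdate syslog tag are assumptions; the format check only confirms that the download looks like a ClamAV extended-signature (.ndb) file before it replaces the current copy.

```shell
#!/bin/sh
# Added example: validate and install a downloaded third-party ClamAV .ndb file.
# Names and paths here are placeholders, not taken from the Sanesecurity scripts.

log() {  # syslog when logger works, stderr otherwise
    if command -v logger >/dev/null 2>&1; then
        logger -t sigupdate -p mail.info "$*" 2>/dev/null || echo "sigupdate: $*" >&2
    else
        echo "sigupdate: $*" >&2
    fi
}

# Every non-empty line must look like Name:TargetType:Offset:HexSignature.
# This rejects empty files, HTML error pages and obviously truncated downloads.
valid_ndb() {
    [ -s "$1" ] || return 1
    awk -F: '
        NF == 0 { next }
        NF < 4 || $1 == "" || $2 !~ /^[0-9]+$/ || $4 == "" { bad = 1; exit }
        { n++ }
        END { exit (bad || n == 0) }' "$1"
}

# install_sig CANDIDATE DESTDIR NAME
# Keeps the existing database unless the candidate passes the check.
install_sig() {
    cand=$1 dest=$2 name=$3
    if ! valid_ndb "$cand"; then
        log "rejected $name: failed format check, keeping current copy"
        return 1
    fi
    if [ -f "$dest/$name" ] && cmp -s "$cand" "$dest/$name"; then
        log "$name unchanged"
        return 0
    fi
    # mktemp creates the file 0600; the scanner's user must be able to read it,
    # so set the mode before the rename makes the file visible under its name.
    tmp=$(mktemp "$dest/.$name.XXXXXX") || return 1
    cp "$cand" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest/$name" ||
        { rm -f "$tmp"; return 1; }
    log "installed $name ($(wc -l < "$dest/$name") signatures)"
}

# From cron every four or five hours (SIG_URL and the path are placeholders):
#   curl -fsS "$SIG_URL" -o /tmp/example.ndb &&
#       install_sig /tmp/example.ndb /var/lib/clamav example.ndb
```

Before trusting a new file in production, it is also worth letting ClamAV itself parse the candidate (for instance clamscan -d candidate-file /dev/null) and installing only if that succeeds.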

Mail, Exim, Security, Spam, and CLI :: 09 Aug 2007 :: e-mail