Curbing Image/PDF spam : Clamav


In my previous post, I discussed some of the anti image/PDF spam measures. I have tried ClamAV with Sanesecurity’s phishing and scam signatures.
On FreeBSD, I downloaded the update shell script by Dan Larsson and made a slight modification, as I do not wish to install or use rsync on production servers just to download signature files. I added these two lines to the update shell script under “http_source_urls” and commented out “rsync_source_urls”:
http://download.mirror.msrbl.com/MSRBL-Images.hdb
http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
http_source_urls="
http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz
http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz
http://clamav.securiteinfo.com/vx.hdb.gz
http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
http://download.mirror.msrbl.com/MSRBL-Images.hdb
http://www.malware.com.br/cgi/submit?action=list_clamav,fetch_interval=86400,target_file=mbl.db
"
#rsync_source_urls="
# rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb
# rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb
#"
Update script in action
Script started: Sat Sep 1 12:55:57 MYT 2007
====================================================
Sleeping 213 seconds before proceeding...
====================================================
.....................................................................................................................................................................................................................====================================================
Processing signature database: phish.ndb
====================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 190k 100 190k 0 0 12329 0 0:00:15 0:00:15 --:--:-- 70062
====================================================
Processing signature database: scam.ndb
====================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 190k 100 190k 0 0 23838 0 0:00:08 0:00:08 --:--:-- 164k
====================================================
Processing signature database: vx.hdb
====================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0
====================================================
Processing signature database: MSRBL-SPAM.ndb
====================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
====================================================
Processing signature database: MSRBL-Images.hdb
====================================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 110k 100 110k 0 0 38968 0 0:00:02 0:00:02 --:--:-- 48998
====================================================
Processing signature database: mbl.db
====================================================
Skipped due to interval restriction in effect
====================================================
Reloading the ClamAV databases (3 updated)
====================================================
Script ended: Sat Sep 1 13:00:07 MYT 2007
clamd.log output
Sat Sep 1 13:00:07 2007 -> Reading databases from /var/db/clamav
Sat Sep 1 13:00:08 2007 -> Database correctly reloaded (180560 signatures)
That’s it. Yes, it is THAT simple. Just run the script from a cron job.
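The run above shows two transfers that received no data (vx.hdb and MSRBL-SPAM.ndb), so a downloaded file is worth vetting before it replaces the copy clamd loads. The following is an added example, not part of Dan Larsson's script: the function names `check_sigdb` and `install_sigdb` and the temporary file naming are assumptions, and the checks rely on ClamAV's `MD5:Size:Name` layout for .hdb and `Name:TargetType:Offset:HexSignature` layout for .ndb.

```shell
#!/bin/sh
# Added example (not from the update script): vet a downloaded signature
# file before it replaces the copy clamd loads. Function names are assumed.

# check_sigdb FILE KIND: succeed only if FILE is a plausible hdb/ndb database.
check_sigdb() {
    f=$1 kind=$2
    # A zero-byte transfer must never overwrite a working database.
    [ -s "$f" ] || { echo "reject: $f is empty" >&2; return 1; }
    case $kind in
        hdb) # each entry: MD5:Size:MalwareName
            awk -F: '/^#/ || /^[ \t]*$/ { next }
                { n++ }
                NF < 3 || length($1) != 32 || $1 !~ /^[0-9A-Fa-f]+$/ ||
                    $2 !~ /^([0-9]+|\*)$/ { bad = 1; exit }
                END { exit (bad || n == 0) }' "$f" ;;
        ndb) # each entry: MalwareName:TargetType:Offset:HexSignature
            awk -F: '/^#/ || /^[ \t]*$/ { next }
                { n++ }
                NF < 4 || $1 == "" || $2 !~ /^[0-9]+$/ || $4 == "" { bad = 1; exit }
                END { exit (bad || n == 0) }' "$f" ;;
        *) echo "reject: unsupported type $kind" >&2; return 1 ;;
    esac || { echo "reject: $f is not a valid $kind file" >&2; return 1; }
}

# install_sigdb SRC DBDIR NAME: unpack SRC, check it, then rename into DBDIR.
install_sigdb() {
    src=$1 dbdir=$2 name=$3
    tmp="$dbdir/.$name.$$"   # same filesystem, so mv below is an atomic rename
    case $src in
        *.gz) gzip -dc "$src" > "$tmp" 2>/dev/null ||
                  { rm -f "$tmp"; echo "reject: $src is not valid gzip" >&2; return 1; } ;;
        *)    cp "$src" "$tmp" || return 1 ;;
    esac
    if check_sigdb "$tmp" "${name##*.}"; then
        mv "$tmp" "$dbdir/$name"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed demo: an empty download must leave the installed copy alone.
demo=$(mktemp -d)
echo '0123456789abcdef0123456789abcdef:1024:Constructed.Sample' > "$demo/MSRBL-Images.hdb"
: > "$demo/new.hdb"
install_sigdb "$demo/new.hdb" "$demo" MSRBL-Images.hdb || echo "kept existing MSRBL-Images.hdb"
```

For a stronger check, the candidate file can also be loaded with `clamscan -d` before the rename, which exercises ClamAV's own parser.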



