[clamav-users] Matching variant patterns in logical or Yara signatures
G.W. Haywood
clamav at jubileegroup.co.uk
Tue Jan 16 22:41:06 UTC 2018
Hi there,
On Tue, 16 Jan 2018, Kris Deugau wrote:
> I'm trying to create signatures to match a particular series of
> large to very large spams whose main identifier is a <style> or
> <script> tag containing neither CSS or Javascript.
>
> However, I'm having trouble finding a valid signature string ...
I wonder if it would be easier to filter the sender(s) rather than to
filter the messages. I use GeoIP and a homebrew Sendmail milter very
successfully, and I never see the sort of spam you describe. Can you
share with this list some of the IP addresses from which the messages
are being sent? A couple of dozen would be a good start I think.
--
73,
Ged.
More information about the clamav-users
mailing list