Tweaking ASSP Deluxe for cPanel & ASSP

On this page you can find articles on tweaking ASSP and getting more out of ASSP Deluxe for cPanel. If you would like to add an article, please send an email here with your credits (your business URL and full name). Use these tweaks at your own risk.

Latest recommended RBLs (14 April 2009) #08
1) Change RBL Service Providers to the following (it is a single line without spaces):
zen.spamhaus.org|dnsbl-1.uceprotect.net|blackholes.five-ten-sg.com|psbl.surriel.com|dul.dnsbl.sorbs.net|l2.apews.org|ix.dnsbl.manitu.net|bl.spamcop.net|bl.spamcannibal.org|spam.spamrats.com|combined.njabl.org
- Set Maximum Replies to 11
- Set Maximum Hits to 2 (fairly aggressive) or 3 (moderate, surely spam)
Save settings.
2) Only if you want to use DNSBL Weights (available in ASSP 1.4.4 and above)
- Change RBL Service Providers to the following (it is a single line without spaces):
zen.spamhaus.org=>1|bl.spamcop.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|l2.apews.org=>3|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>2|dnsbl-3.uceprotect.net=>2|blackholes.five-ten-sg.com=>3
- Set Maximum Replies to 7
- Set Maximum Hits to 2
- Set Maximum Weight (RBLmaxweight) to 50
Save settings.
Latest recommended ASSP usage (14 April 2009) #09
If you have been using ASSP for at least 3 months AND you followed/applied the post installation steps (especially ASSP scoring ON, no local enabled for most of your users, delaying off per user, spambox enabled), I invite you to use the following settings. On ASSP 1.5.1.2 these settings give extremely good spam detection and rare false positives.
a) Upgrade everything (ASSP and ASSP Deluxe) to the latest versions. Be sure you have ASSP 1.5.1.2 (recommended). Be sure you have followed the post installation steps.
b) Open ASSP WHM; disable and re-enable "assp scoring ON" to automatically load the new recommended scores (included with the latest ASSP Deluxe).
Now go to ASSP WHM > SCORE SETTINGS and set PenaltyMessageBlock to 45 (min) - 48 (max) if you want moderate antispam settings (low risk to block valid email); if you want to block more spam (low risk to block valid email) set PenaltyMessageBlock to 41 (min) - 44 (max).
c) Apply http://www.grscripts.com/tweaking.html#08 option 1 (with Maximum Hits set to 2)
d) Apply http://www.grscripts.com/tweaking.html#8
e) Apply http://www.grscripts.com/tweaking.html#10
f) Be sure your ASSP Deluxe cronjobs are similar to the following (please be sure each of your crons is on a single line!)
54 2 * * * /usr/bin/freshclam --quiet --daemon-notify
10 7 * * * cd /usr/local/assp;perl /usr/local/assp/rebuildspamdb.pl
MAILTO=""
*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php clean_logs=yes
*/3 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php
*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php
*/20 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php sw=12 sc=32 er=13 lm=13 dc=25 rl=20 on=1
0 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/signatures.php
2 */6 * * * /usr/sbin/exiqgrep -o 33600 -i | /usr/bin/xargs /usr/sbin/exim -Mrm
MAILTO=root
and, only if you are using the ASSP Deluxe spambox plugin, similar to the following
54 2 * * * /usr/bin/freshclam --quiet --daemon-notify
10 7 * * * cd /usr/local/assp;perl /usr/local/assp/rebuildspamdb.pl
MAILTO=""
*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php clean_logs=yes
*/3 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php
*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php
*/4 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/spam_cronjob.php high=7
10 8 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=8 sp=yes limitspace=10000 remdays=4
*/20 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php sw=12 sc=32 er=13 lm=13 dc=25 rl=20 on=1
0 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/signatures.php
2 */6 * * * /usr/sbin/exiqgrep -o 33600 -i | /usr/bin/xargs /usr/sbin/exim -Mrm
MAILTO=root
(With the above cron, clear_spambox automatically removes spam older than 8 days from the accounts' spamboxes, and removes an additional 4 days of spam if the spambox folder is greater than 10MB. high=7, used by the spam_cronjob.php cron, stops spambox execution if the server load is higher than 7.)
This line is optional and recommended (it leaves your mail queue cleaner):
2 */6 * * * /usr/sbin/exiqgrep -o 33600 -i | /usr/bin/xargs /usr/sbin/exim -Mrm
g) Do you want to be protected from spam leaving your server? Read these:
- local sender checks
- local spam detection
ASSP 1.5.1 advanced settings 14 Apr 2009 #11
With ASSP 1.5.1 you will find some (powerful) features which are disabled by default; you can enable them (using the ASSP Web Interface) depending on your needs.
Some of these are:
- Validate sender addresses to conform with RFC5322 (DoRFC822Sender)
- Do Country Blocking, Do Country Code Scoring, Suspicious Country Codes
By setting these 3 you can reduce spam based on the countries your users and your spam come from. If you have no idea which countries to enter here, find_abusers.php may help you (read this).
- Block All Remote Sender with a Local Domain Address (DoNoSpoofing) #sp
This will eliminate spoofing.
To stop spoofing (spam coming from your domain using a remote sender IP) open ASSP Web Interface > Validate Sender menu and set Block Local Address from External Sender to Score mode.
Then open the Penalty Box menu and set Invalid Local Sender Score (flValencePB) to a value between 15 (moderate) and 60 (very aggressive, all spoofing will be blocked).
With ASSP 1.5.1 the spoofing check is set automatically to SCORE, and flValencePB is set to 15 by default. Authenticated local IPs (file:deluxe/relayhosts) will not be scored.
- Max Real Size of Message (maxRealSize and maxRealSizeExternal) #6
If the rcpt size of the email message exceeds maxRealSize in bytes, the transmission of the local message (email sent by local users) will be canceled. This option lets you limit wasted bandwidth based on the total transmit size. The local sender will be notified with the message "552 message exceeds MAXREALSIZE byte (size * rcpt), please reduce attachment size and number of your recipients, or use ftp.".
Note: ASSP MaxRealSize checks the rcpt size, that is size * rcpt (for your local email senders); it does not check the attachment size.
By default you have a MaxRealSize limit of 15 MB (15728640 bytes), so:
If a local (or remote) sender sends a 14 MB attachment to a single address, it passes (because the rcpt value is 14 MB < 15 MB)
If a local (or remote) sender sends 14 MB to 2 addresses, it does not pass (because the rcpt value is 14*2=28 MB > 15 MB)
If a local (or remote) sender sends 1 MB to 14 addresses, it passes (because the rcpt value is 1*14=14 MB < 15 MB)
If a local (or remote) sender sends 1 MB to 20 addresses, the email doesn't pass (because the rcpt value is 1*20=20 MB > 15 MB)
Of course you can customize the MaxRealSize limit using ASSP Web Interface > smtp settings menu > MaxRealSize. You should enter a value in bytes.
maxRealSizeExternal works like maxRealSize but for external senders.
- Do Not Copy Messages Above This MessageTotal score (ccMaxScore)
By default all rejected messages go to the spambox. If you set ccMaxScore to 70 (for example), all email rejected with a score >= 70 will not go to the user spambox.
- Wildcard User for White Domain (wildcardUser)
You may configure it to accept * too (instead of _ALL_).
- DNSBL weights
With ASSP 1.5.1 the DNSBL menu accepts a new feature, DNSBL Maximum Weight. DNSBL providers can now get a "weight", like bl.spamcop.net=>1. The value of the weight can be set directly, like =>45, or as a divisor of RBLmaxweight. Low numbers < 6 are divisors. So if RBLmaxweight = 50 (default), bl.spamcop.net=>50 would be the same as bl.spamcop.net=>1, and bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If not, the DNSBL check is scored as "neutral" even with RBLmaxhits reached.
If you wish, you may read/apply the recommended RBL settings here.
For example:
RBLmaxhits=2
RBLmaxweight=50
zen.spamhaus.org=>1
bl.spamcop.net=>1
safe.dnsbl.sorbs.net=>1
combined.njabl.org=>1
dnsbl-1.uceprotect.net=>2
dnsbl-2.uceprotect.net=>2
dnsbl-3.uceprotect.net=>3
ix.dnsbl.manitu.net=>2
psbl.surriel.com=>2
l2.apews.org=>3
A "fail" will result from:
2 hits in group 1
1 hit in group 1 and 1 hit in group 2
2 hits in group 2
1 hit in group 1
A "neutral" will result from:
1 hit in group 2 and 1 hit in group 3
2 hits in group 3
1 hit in group 3
- Email interface: the ASSP email interface has been improved with 1.5.1
In addition to the default commands assp-white@, assp-notwhite@, assp-spam@, assp-notspam@, assp-red@ and asspanalyze@ you will also find:
asspblock@ ; if a client sends a request to asspblock@clientdomain.com from info@clientdomain.com, he receives an email with a list of all the email rejected in the last 5 days (data extracted from the current maillog.txt). The client can also click an email to resend it. This feature is still in development; currently, if your users abuse this feature, you can experience SMTP timeouts.
asspof@ ; if a client sends a request to asspof@clientdomain.com from info@clientdomain.com, info@clientdomain.com will be added to the ASSP noprocessing list. The address info@clientdomain.com will then bypass all antispam checks.
asspon@ ; same as asspof@, but to remove an email address from noprocessing
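The DNSBL weights rule described above (RBLmaxweight, divisor weights, fail versus neutral), worked through in Python as an added example; it is not ASSP's own code. It uses the example provider list from this page, and assumes that a sum equal to RBLmaxweight fails (as the page's "fail" list implies) and that only the first RBLmaxhits hits are counted.

```python
from fractions import Fraction

RBL_MAX_WEIGHT = 50  # RBLmaxweight from the page's example
RBL_MAX_HITS = 2     # RBLmaxhits from the page's example

# Provider line built from the page's example list ('|' separated, no spaces).
PROVIDERS = (
    "zen.spamhaus.org=>1|bl.spamcop.net=>1|safe.dnsbl.sorbs.net=>1|"
    "combined.njabl.org=>1|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>2|"
    "dnsbl-3.uceprotect.net=>3|ix.dnsbl.manitu.net=>2|psbl.surriel.com=>2|"
    "l2.apews.org=>3"
)


def parse_providers(line, max_weight=RBL_MAX_WEIGHT):
    """Map each provider in a 'host=>n|host=>n' line to its effective weight."""
    weights = {}
    for entry in filter(None, (e.strip() for e in line.split("|"))):
        host, sep, raw = entry.partition("=>")
        if not sep or not host.strip():
            raise ValueError(f"entry without a weight: {entry!r}")
        value = Fraction(raw.strip())
        if value <= 0:
            raise ValueError(f"weight must be positive: {entry!r}")
        # "Low numbers < 6 are divisors" of RBLmaxweight; larger values are
        # used directly as the weight.
        weights[host.strip().lower()] = (
            Fraction(max_weight) / value if value < 6 else value
        )
    return weights


def evaluate(listed_on, weights, max_weight=RBL_MAX_WEIGHT, max_hits=RBL_MAX_HITS):
    """Return 'pass', 'neutral' or 'fail' for the providers that list an IP."""
    # Assumption: lookups stop once max_hits providers have answered, so only
    # the first max_hits hits contribute weight.
    hits = [h.lower() for h in listed_on if h.lower() in weights][:max_hits]
    if not hits:
        return "pass"
    total = sum(weights[h] for h in hits)
    # The page's examples treat a sum equal to RBLmaxweight (one =>1 hit, or
    # two =>2 hits) as a fail, so the comparison here is >=.
    return "fail" if total >= max_weight else "neutral"


def describe(listed_on, line=PROVIDERS):
    """Convenience wrapper: verdict plus the summed weight as a float."""
    weights = parse_providers(line)
    hits = [h.lower() for h in listed_on if h.lower() in weights][:RBL_MAX_HITS]
    return evaluate(listed_on, weights), float(sum(weights[h] for h in hits))


if __name__ == "__main__":
    for case in (["zen.spamhaus.org"],
                 ["psbl.surriel.com", "ix.dnsbl.manitu.net"],
                 ["psbl.surriel.com", "l2.apews.org"],
                 ["l2.apews.org", "dnsbl-3.uceprotect.net"]):
        print(case, describe(case))
```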
A powerful tool, find_abusers.php #06
ASSP Deluxe contains a useful tool which can be executed in this way:
# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php
It reports a lot of useful information, so you can quickly understand what kind of email attack your server is receiving, which of your accounts are under heavy attack, which bad IPs are attacking your server (sorted), and much more.
Available commands
sw=n (or show=n)
The command sw=n shows only data above the number n. If you don't specify it, a value of 15 will be used.
Example:
# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php sw=20
With ASSP Deluxe 3.1.0 and above, find_abusers.php can also show all the email sent from your server using a script.
For example you will see this:
Email sent from your server using a script ( >100 email )
=============================================
574 = > /home/hat/public_html/chat
207 = > /home/spa/public_html/preloginchat
167 = > /home/dieone/public_html/archiv/datenb
114 = > /home/rad/public_html/ine/news
Using find_abusers.php as a cronjob
find_abusers.php is not only a tool for getting information from the console. You can execute it every 20 minutes using a cronjob with several commands to create a collection of bad IPs.
You can find instructions to set up find_abusers.php here: http://www.grscripts.com/howtofaq.html#70 .
Compared with the IP collection used by PB extreme, this way strongly reduces the risk of blocking a good/valid IP. If you install this cron, Penalty box extreme will be turned off automatically. Be sure you have the latest ASSP Deluxe for cPanel version (2.8.0 or above) to use it.
With ASSP Deluxe 3.5.5 (#10) and above, find_abusers.php also returns a list of email sent from foreign countries (IP address country).
For example:
Email sent from Foreign Country
=============================================
220 = > BR
192 = > TR
188 = > NL
157 = > GB
154 = > PL
143 = > CA
The returned data will be extremely useful for blocking bad countries using ASSP Web Interface > "validate sender" menu.
#50 With ASSP Deluxe 3.1.6 (and above) and ASSP 1.4.4 (and above), find_abusers.php also returns a list of email sent from ISP organizations; for example:
Email sent by ISP organizations
(it analyzes your current /usr/local/assp/pb/pbdb.sb.db) 15
=============================================
55 = > US-Yahoo-yahoo.com
38 = > US-TheSolo
28 = > TR-TurkTelekom-
28 = > US-PerformanceSystems
24 = > US-NthAir-nthair.net
22 = > US-Thefacebook.com-tfbnw.net
19 = > US-MicrosoftCorp-hotmail.com
18 = > TR-TurkTelekom-ttnet.net.tr
18 = > BR-TeleNorte
17 = > TH-TrueInternet
How to use this information?
This information lets you make efficient use of the "Do Organization Blocking" feature available in the ASSP SenderBase menu. To use it, open your ASSP Web Interface and open the SenderBase menu.
If you believe that TurkTelekom (for example) is sending you only spam, go to Regular Expression to Identify Black Organizations in SenderBase* (blackSenderBase) and enter
TurkTelekom
If you need to enter other organizations, separate them with a pipe (|).
By default the organizations will be scored 25 (you can customize it):
Blocked Organizations Score, default=25 (sborgValencePB)
Save your settings in the ASSP Web Interface.
How to train the ASSP Bayesian filter using ASSP NOTSPAM ANALYZER (updated 12 Feb 2009) #01
Another way to train the ASSP Bayes algorithm is to use the ASSP NOT SPAM ANALYZER in the ASSP WHM interface.
Open the ASSP NOT SPAM ANALYZER and look for naughty words with the search tool. You will probably find some spam messages inside your NOT SPAM collection. Move them to SPAM and rebuild the spam db. Each time you do this task, you make the Bayesian database better.
For example, you can search for these keywords in your NOT SPAM ANALYZER:
replica watches|MegaDik| cock |
penis | pills | Original Viagra | better sex life | average penis |
enlargement | orgasm | erections | Viagra | big dick | sperma | Sexual |
Erectionsk | Stamina | sildenafil | citrate | Erectile
(Note that there is a space before and after each keyword. Copy and paste the keyword list above into your search form field, then click search.)
If you find some messages, they are probably spam. Read the messages and move them to SPAM if required. At the end of the operation rebuild the spamdb (using the REBUILD SPAMDB button).
If you look up the keywords above in your spamdb before and after this training operation ( cat /usr/local/assp/spamdb | grep "penis" ), you will notice that ASSP has assigned a higher Bayesian score to all the keywords above. If ASSP again receives an email with one of the keywords above, that email will receive a greater Bayesian score, with a higher probability that the message is blocked. I suggest running this training once a week, searching for different naughty words each time.
Note that if you are using assp scoring mode ON and you perform the Bayesian correction described above often (weekly, for example), after some weeks your Bayesian filter will be much better and very efficient, so you can consider raising the Bayesian score to 35-39 (from the default 25), considerably increasing the percentage of spam blocked using "assp scoring mode".
ASSP SSL support on port 465 using stunnel (#03)
(updated 14 Apr 2009, compatible with 1.3.5, 1.3.9, 1.4.4, 1.5.1, 1.5.1.2)
Unsupported and untested on VPS. If you apply it on a VPS, you do so at your own risk.
Be sure the alternative port set in ASSP (by default 26) is allowed on your firewall.
This article was written by Szymon Rybczynski (pro-net-hosting.com and prohost.pl)
HOW TO
All lines starting with # are commands to execute as root.
1. You need stunnel installed. cPanel should have stunnel installed. To check:
# stunnel -version
If you get something like "stunnel 4.05 on i686-redhat-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003" you can continue.
2. You can make your own certificate for SSL or use the cPanel cert. This howto shows how to use the cPanel cert. To make your own cert, search Google for instructions and change the cert path in stunnel.conf to your cert.
3. Setting up the stunnel user and config file:
# adduser stunnel;passwd stunnel
Set password for user stunnel
# cd /etc/stunnel;nano -w stunnel.conf
cat /usr/local/assp/assp.cfg | grep "listenPort2"
copy and paste this:
cert = /etc/stunnel/cpanel.pem
chroot = /usr/local/cpanel/var/run/stunnel-assp/
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel
output = /var/log/stunnel.log
[ssmtp]
accept = 465
connect = 127.0.0.2:26
service assp restart;cd /usr/local/cpanel/var/run/;mkdir stunnel-assp;chown stunnel.stunnel stunnel-assp;stunnel /etc/stunnel/stunnel.conf;openssl s_client -quiet -connect localhost:465
Save the file.
4. Copy the cPanel cert.
If you have correctly set your own certificate for your cpanel/exim services in
WHM > Service Configuration >> Manage Service SSL Certificates
execute this
# cp /var/cpanel/ssl/cpanel/mycpanel.pem /etc/stunnel/cpanel.pem
otherwise execute this
# cp /var/cpanel/ssl/cpanel/cpanel.pem /etc/stunnel/cpanel.pem
Note: if /usr/local/cpanel/etc/cpanel.pem (or mycpanel.pem) does not exist you can also find the cpanel certificate here /var/cpanel/ssl/cpanel/cpanel.pem , in this case execute this
# cp /usr/local/cpanel/etc/cpanel.pem /etc/stunnel/
Now execute this
# cd /etc/stunnel/;chown stunnel.stunnel cpanel.pem
5. Create run dir.
# cd /usr/local/cpanel/var/run/;mkdir stunnel-assp;chown stunnel.stunnel stunnel-assp
6. Set up 127.0.0.2 - if you don't do this you will create an open relay on the SSL port.
# cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:1;
# nano -w /etc/sysconfig/network-scripts/ifcfg-lo:1
Change it to look like this:
DEVICE=lo:1
IPADDR=127.0.0.2
NETMASK=255.0.0.0
NETWORK=127.0.0.0
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=myloop
Save.
7. Now bring lo:1 up.
# /etc/sysconfig/network-scripts/ifup-aliases lo
# ifconfig
It should now list 127.0.0.2
8. Login to assp web interface (ip:55555) and change:
Network Setup:
------------
Second SMTP Listen Port
26
------------
Second SMTP Destination
127.0.0.1:125
------------
Force SMTP AUTH on Second SMTP Listen Port
Checked
------------
Relaying:
------------
Accept All Mail
127.0.0.1
If you make a mistake here you can turn your mail server into an open relay, so double check the settings.
8. Open TCP port 465 on your firewall.
9. Now you are ready to start stunnel. Execute:
# stunnel /etc/stunnel/stunnel.conf
At this moment your SSL connection should work. Test it:
# openssl s_client -quiet -connect localhost:465
If you get an error, something is wrong and you need to check /var/log/stunnel.log
If you get something like:
"depth=0
/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
verify error:num=18:self signed certificate
verify return:1
depth=0
/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
verify return:1
220-pol.nameserverus2.com ESMTP Exim 4.63 #1 Mon, 23 Jul 2007 15:42:14 +0200
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail."
Everything is ok and ready to use.
Note
If you don't want to see the SSL popup when you send email using port 465, be sure that at point 4) you copied the mycpanel.pem certificate; your users must also send email using the address of your shared SSL as their SMTP server. If you change the .pem file and you can't see the new certificate loaded correctly using
# openssl s_client -quiet -connect localhost:465
execute this
# service cpanel restart
# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
Now if you execute this
# openssl s_client -quiet -connect localhost:465
you should see your server SSL certificate.
10. If you want to monitor the stunnel daemon in case it goes down, you can add check_ssl=yes to your status.php cron in this way
*/2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes
If you are using an alternative port different from port 26, for example 40000, you should also add altport=40000
*/2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes altport=40000
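A consistency check for the settings that steps 3, 6 and 8 tie together, as an added example that is not part of the original how-to. The function and parameter names are hypothetical, and it assumes ASSP sees stunnel's connections as coming from the loopback address stunnel connects to, which would be why 127.0.0.2 must stay off the Accept All Mail list.

```python
import ipaddress

# The stunnel.conf from step 3 of this how-to, embedded as sample input.
STUNNEL_CONF = """\
cert = /etc/stunnel/cpanel.pem
chroot = /usr/local/cpanel/var/run/stunnel-assp/
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel
output = /var/log/stunnel.log
[ssmtp]
accept = 465
connect = 127.0.0.2:26
"""


def parse_stunnel(text):
    """Return (global_options, {service_name: options}) for stunnel.conf text."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, _, value = line.partition("=")
        target = global_opts if current is None else current
        target[key.strip().lower()] = value.strip()
    return global_opts, services


def audit(conf_text, second_listen_port, accept_all_mail, force_auth):
    """List mismatches between stunnel.conf and the ASSP values from step 8.

    second_listen_port, accept_all_mail and force_auth are hypothetical
    parameter names for the values typed into the ASSP web interface.
    Assumption: ASSP sees TLS clients under the loopback address stunnel
    connects to, so that address must not be on the Accept All Mail list.
    """
    findings = []
    global_opts, services = parse_stunnel(conf_text)
    trusted = [ipaddress.ip_network(net, strict=False) for net in accept_all_mail]
    if global_opts.get("setuid", "root") in ("root", "0"):
        findings.append("stunnel does not drop root (setuid)")
    if not force_auth:
        findings.append("Force SMTP AUTH is off on the second listen port")
    for name, opts in services.items():
        host, _, port = opts.get("connect", "").rpartition(":")
        host = host or "localhost"           # stunnel's default when only a port is given
        if host == "localhost":
            host = "127.0.0.1"
        if port != str(second_listen_port):
            findings.append(f"[{name}] connects to port {port}, not the second listen port")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"[{name}] connect host {host} is not an IP literal, check by hand")
            continue
        if any(addr in net for net in trusted):
            findings.append(f"[{name}] open relay: {host} is on the Accept All Mail list")
    return findings


if __name__ == "__main__":
    # Values from step 8: port 26, Accept All Mail = 127.0.0.1, AUTH forced.
    print(audit(STUNNEL_CONF, 26, ["127.0.0.1"], True) or "no findings")
```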
Unofficial clamD signatures (#8)
You can use unofficial clamd signatures along with ASSP and the existing official clamd signatures to greatly improve spam and virus detection.
Requirements: be sure your clamd is running
ps aux | grep -m1 "clamd"
and be sure ASSP is using clamd, in this way: open the stat page of your ASSP Web Interface
http://www.yousite.net:55555/infostats
Click Perl Modules; if you have "File::Scan::ClamAV 1.8 installed and available", your clamd is working fine.
Finally, be sure you have ASSP Deluxe 3.3.0 or above and ASSP WHM 4.4.0 or above.
Note: by default, email identified as bad by clamd signatures is not collected and is blocked as soon as the signature is verified.
To use the unofficial clamd signatures and update them daily, simply open your crontab (crontab -e) and add this line near your ASSP Deluxe crons:
0 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/signatures.php
Unofficial signatures will be updated each day at 04:00 AM (the script contains internal checks to avoid more frequent updates, since if you try updating signatures more often your server IP can easily be banned). Before starting, the script waits a random amount of time (1m-30m) so that not everyone using this script downloads the definitions at the top of the hour.
The script loads and installs the following unofficial clamd signatures:
The script loads and installs following unofficial clamd signatures ;
Sanesecurity (link)
rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb
rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb
rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb
rsync://rsync.sanesecurity.net/sanesecurity/spear.ndb
rsync://rsync.sanesecurity.net/sanesecurity/spamimg.hdb
rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb
rsync://rsync.sanesecurity.net/sanesecurity/spam.ldb
msrbl (link)
rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb
rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images-FULL-SoN.hdb
securiteinfo.com (link)
Various badware signatures: http://clamav.securiteinfo.com/vx.hdb.gz
Securiteinfo.com Honeypot signatures: http://clamav.securiteinfo.com/honeynet.hdb.gz
Honeynet.cz signatures: http://clamav.securiteinfo.com/securiteinfo.hdb.gz
French antispam signatures: http://clamav.securiteinfo.com/antispam.ndb.gz
malware (link)
http://www.malware.com.br/cgi/submit?action=list_clamav
All the script activity is logged here
tail -f /usr/local/assp/deluxe/signatures.log
Once all your signatures have been loaded for the first time (it could also take 1 hour to load all your signatures, due to the anti-abuse sleeping time), spam detection will improve greatly.
Note: by default, email identified as bad by clamd signatures is not collected and is blocked as soon as the signature is verified.
If you have ASSP 1.5.1 or above and you want to score (instead of blocking immediately) the email identified as bad only by unofficial clamd signatures, for example by Sanesecurity and SecuriteInfo only, open ASSP Web Interface > ClamAV menu > go to No-Blocking Virus Scoring Regex (SuspiciousVirus) and enter this
Sanesecurity|SecuriteInfo
then go up to Virus Suspicious Score and set it from min 10 (moderate/low) to max 35 (aggressive). Official clamd signatures will continue to block and not collect the email.
Unofficial clamd signatures, advanced settings
You may add the following values to signatures.php:
sa=0 , if you want to skip (not use/update) the Sanesecurity signatures
ms=0 , if you want to skip (not use/update) the msrbl signatures
se=0 , if you want to skip (not use/update) the securiteinfo.com signatures
ma=0 , if you want to skip (not use/update) the malware.com.br signatures
rn=0 , if you want to skip the initial random "sleeping" (1 to max 30 minutes)
ff=0 , if you want to skip the 12 hours delay after each update (not recommended!)
sg=0 , if you want to skip the gpg Sanesecurity signature check (faster)
dx=1 : UNINSTALL all the unofficial signatures (no update is executed)
If you would like to report a bug/idea/suggestion/feedback related to the unofficial clamd signatures, please send an email by clicking here.
