Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: holck on December 31, 2008, 08:57:48 AM

Title: Sanesecurity signatures no more available
Post by: holck on December 31, 2008, 08:57:48 AM: As explained on the website (www.sanesecurity.com), the provider of these extra, an in my experience very valuable, signatures for Clamav can no longer provide this service.

If you have made use of this service, please do not at the moment try to download the needed signatures, as this will only make it more difficult for the site to recover from an apparent DDOS attack.

Does anyone have suggestions or ideas to help distribute the signatures?

Happy new year to everyone
Jesper
Title: Re: Sanesecurity signatures no more available
Post by: cactus on December 31, 2008, 09:45:47 AM: Quote from: holck on December 31, 2008, 08:57:48 AM
As explained on the website (www.sanesecurity.com), the provider of these extra, an in my experience very valuable, signatures for Clamav can no longer provide this service.

If you have made use of this service, please do not at the moment try to download the needed signatures, as this will only make it more difficult for the site to recover from an apparent DDOS attack.

Does anyone have suggestions or ideas to help distribute the signatures?

Happy new year to everyone
Jesper
If these are implemented in the SME Server core I suggest launching a bug for it as well.
Title: Re: Sanesecurity signatures no more available
Post by: holck on January 24, 2009, 11:26:41 AM: As of January 20th, Sanesecurity is up and running again. The method for updating the signatures has changed: now rsync is used for updating clamav's databases.

More information can be found on http://sanesecurity.co.uk/clamav/

I have set it up on my server and it seems to run very well. The next step should maybe be to create a contrib for it.

Jesper

Thanks for keeping the contribs site running, despite all the technical problems :-)
Title: Re: Sanesecurity signatures no more available
Post by: Knuddi on March 19, 2009, 09:47:48 AM: The various locations for these signatures have changed and I have there updated the script needed to download. See:

http://wiki.contribs.org/Email#Anti_Virus

Make sure to remove the old script /etc/cron.daily/update_sanesecurity as it is no longer needed.

Enjoy,
Jesper
Title: Re: Sanesecurity signatures no more available
Post by: holck on March 23, 2009, 08:50:28 PM: Thanks Jesper, seems to work fine on my server :-)

The only problem is that my server still can't find the IP-address of www.malware.com.br, as I have previously mentioned (http://forums.contribs.org/index.php?topic=42808), so I have had to enter its IP-address manually.

The described techniques make my server filter spam better (close to zero false positives and false negatives) than any other email-provider I have experienced.

Jesper
Title: Re: Sanesecurity signatures no more available
Post by: Knuddi on March 23, 2009, 09:13:17 PM: I have the same issues via my provider (TDC.dk) and have patched the code to use IP address rather than DNS lookup. With your (great) name (Jesper?) you could be limited by the same ISP?

This is not a general TDC issue as business customers (well at least SmartShare Systems where I work) do not have a problem we here we also use TDC based network.

I have changed to use opendns.org as primary and secondary DNS servers - just to see how that works.