clamav-users June 2008 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: [Clamav-users] Third-Party Signatures: Sanesecurit

[Clamav-users] Third-Party Signatures: Sanesecurity

From: Steve Basford <steveb_clamav_at_nospam>
Date: Thu Jun 12 2008 - 19:11:54 GMT
To: ClamAV users ML <>

Sorry to hijack the list...just a few quick updates:

  1. Signature Tests

I've introduced a few Sanesecurity Signature tests, to help you make sure you are getting the best out of the signatures available. Make sure you pass all three tests (scroll down page) here:

2. Third Party signature names:

Just a reminder, some of the download scripts, also download signatures from other Third-Party signature makers, so, if you have a problem with any of the signatures, look at the signature name to see who produced it... here's a brief guide on who to contact (*see above link*)

Sanesecurity: produced by Sanesecurity
MSRBL-Images or MSRBL-SPAM: produced by MSRBL MBL: produced by Malware Block List produced by SecuriteInfo

Any other signature name, usually mean it's an official ClamAV signature.

3. New Project: Bounce

We've all been hit with backscatter/bounces/joejobs from time to time... this ClamAV .ndb formatted standalone database, can be used to block a large portion of these bounce/backscatter messages, while you are "under attack".

  • Now, the most important bit... this signature database *** will block *** legitmate bounce messages, as well as fake bounce messages, so it should only be used for a short period of time, until things return to normal.***

More details here:

4. Updated Project: PhishBar

Using this signature database scan you hosted websites and seeing if any of your users have phishing sites stored in their home directories/user space.

More details here:

Have a good weekend everyone,



Help us build a comprehensive ClamAV guide: visit