Yet Another antiVirus Recipe is a procmail recipe that helps to filter out a lot of the most common e-mail worms. It detects worms with base-64 signatures (such as Klez, Hybris, and BugBear), HTML IFRAME exploits, CLSID hidden extension exploits, -XML code base exploits, executable extensions (bat, pif, vbs, vba, scr, lnk, com, and exe), and macros for doc, dot, xls, and xla files. It also detects most Nigerian scam e-mails.
| Tags | Communications Email Filters Security |
|---|---|
| Licenses | GPL |
Recent releases


Changes: This release adds signatures for Bagle.zip, NetSky.Z, NetSky.AD, and Sober.I.


Changes: Several new signatures were added for Bagle.zip, Bagle.cpl, NetSky.AD, NetSky.L, NetSky.Q, and Blackmal.C. NetSky.L (Moodown) is a variable virus and the procmail trap is still on trial.


Changes: Many new signatures were added: Blackmal.C, Lovgate.X, Mota.B, Bagle.AR, Bagle.AS, Bagle-zip, Netsky.AD, Bagle.AV, Bagle.AW, Bagle.cpl.


Changes: This release adds signatures for Mota.b, Download.JEct.c, NetSky.p, baglezip, and NetSky.M, and includes the .pi_ extension.


Changes: Signatures have been added for NetSky.p, Mota.b, baglezip, and MyDoom.o. More Mydoom.L & M handling has been added.
Recent comments
binary data in log
I see a lot of Skipped: in the log, accompanied by some binary data. What am I doing wrong?
very nice
I agree, very nice.
Re: YAVR
> Thank you for using YAVR.
> YAVR is mostly a virus catching recipe.
> There are very powerful tools for pure
> spam.
> I added spamhaus checking because some
> viruses use open-relay mail servers as
> well.
> You can find more info at
> www.spamhaus.org
>
> "host" command is something like
> "nslookup". It is used to check for an
> IP to the spamhaus list of blacklisted
> servers. If it is found it returns a
> 127.0.0.2 or .4
>
And thank you very much for writing it !
I found the 'host' package, installed it and I must admit spamhaus checking works very well.
Sure, there are powerful bayesian filters for spam, but your recipe really suits my needs and catches every virus and nearly every spam I receive.
Re: YAVR
> A very impressive recipe ! it catches
> nearly 100% of my daily spam.
> What is the 'host' command used at the
> end of the file in the SPAMHAUS recipe ?
> I'd like to use spamhaus checking but I
> don't know where this command comes
> from.
>
>
Thank you for using YAVR.
YAVR is mostly a virus catching recipe. There are very powerful tools for pure spam.
I added spamhaus checking because some viruses use open-relay mail servers as well.
You can find more info at www.spamhaus.org
"host" command is something like "nslookup". It is used to check for an IP to the spamhaus list of blacklisted servers. If it is found it returns a 127.0.0.2 or .4
Re: YAVR
A very impressive recipe ! it catches nearly 100% of my daily spam.
What is the 'host' command used at the end of the file in the SPAMHAUS recipe ? I'd like to use spamhaus checking but I don't know where this command comes from.