From 689856b186f9d26cc0e0275ad2f1069966632538 Mon Sep 17 00:00:00 2001
From: DerLinkman
Date: Fri, 23 Jun 2023 16:13:25 +0200
Subject: [PATCH 1/3] New Symbols defined for Security ClamAV DBs
---
 data/conf/rspamd/local.d/composites.conf | 30 ++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf
index 02ff955b4c..b342bca61a 100644
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -68,3 +68,33 @@ WL_FWD_HOST {
 ENCRYPTED_CHAT {
 expression = "CHAT_VERSION_HEADER & ENCRYPTED_PGP";
 }
+
+CLAMD_SPAM_FOUND {
+ expression = "CLAM_SECI_SPAM & !MAILCOW_WHITE";
+ description = "Probably Spam, Securite Spam Flag set through ClamAV";
+ weight = 4.5;
+}
+
+CLAMD_BAD_PDF {
+ expression = "CLAM_SECI_PDF & !MAILCOW_WHITE";
+ description = "Bad PDF Found, Securite bad PDF Flag set through ClamAV";
+ score = 6;
+}
+
+CLAMD_BAD_JPG {
+ expression = "CLAM_SECI_JPG & !MAILCOW_WHITE";
+ description = "Bad JPG Found, Securite bad JPG Flag set through ClamAV";
+ score = 3;
+}
+
+CLAMD_BAD_HTML {
+ expression = "CLAM_SECI_HTML & !MAILCOW_WHITE";
+ description = "Bad HTML Found, Securite bad HTML Flag set through ClamAV";
+ score = 8;
+}
+
+CLAMD_BAD_JS {
+ expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
+ description = "Bad JS Found, Securite bad JS Flag set through ClamAV";
+ score = 8;
+}
\ No newline at end of file
From 8cd4ae1e349f926b0a738e2165e54ead5c5b129a Mon Sep 17 00:00:00 2001
From: DerLinkman
Date: Fri, 23 Jun 2023 16:19:37 +0200
Subject: [PATCH 2/3] Improved Scores
---
 data/conf/rspamd/local.d/composites.conf | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf
index b342bca61a..cc458ea06f 100644
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
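Review bot: All five composites added in the `@@ -68,3 +68,33 @@` hunk are gated on `& !MAILCOW_WHITE`, so when that symbol is present (presumably a whitelisted sender) a ClamAV hit on a PDF, JPG, HTML or JS part adds none of these scores. A whitelist entry vouches for a sender, not for attachment content, and a spoofed or compromised whitelisted address would bypass them; I would keep the gate only on `CLAMD_SPAM_FOUND` and use the bare symbol for the others, e.g. `expression = "CLAM_SECI_PDF";`. The same gate is carried into `CLAMD_ASCII_MALWARE` and the renamed `*_MALWARE` composites in the `@@ -78,23 +78,29 @@` hunk. Whether the underlying `CLAM_SECI_*` symbols carry a score of their own in the whitelisted case is not visible in this series, so that is worth confirming before relying on them.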
@@ -78,23 +78,29 @@ CLAMD_SPAM_FOUND {
 CLAMD_BAD_PDF {
 expression = "CLAM_SECI_PDF & !MAILCOW_WHITE";
 description = "Bad PDF Found, Securite bad PDF Flag set through ClamAV";
- score = 6;
+ score = 8;
 }
 
 CLAMD_BAD_JPG {
 expression = "CLAM_SECI_JPG & !MAILCOW_WHITE";
 description = "Bad JPG Found, Securite bad JPG Flag set through ClamAV";
- score = 3;
+ score = 8;
+}
+
+CLAMD_ASCII_MALWARE {
+ expression = "CLAM_SECI_ASCII & !MAILCOW_WHITE";
+ description = "ASCII malware found, Securite ASCII malware Flag set through ClamAV";
+ score = 8;
 }
 
-CLAMD_BAD_HTML {
+CLAMD_HTML_MALWARE {
 expression = "CLAM_SECI_HTML & !MAILCOW_WHITE";
- description = "Bad HTML Found, Securite bad HTML Flag set through ClamAV";
+ description = "HTML malware found, Securite HTML malware Flag set through ClamAV";
 score = 8;
 }
 
-CLAMD_BAD_JS {
+CLAMD_JS_MALWARE {
 expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
- description = "Bad JS Found, Securite bad JS Flag set through ClamAV";
+ description = "JS malware found, Securite JS malware Flag set through ClamAV";
 score = 8;
 }
\ No newline at end of file
From 6e9c024b3c30f58d8e080490688baec6a84c3deb Mon Sep 17 00:00:00 2001
From: DerLinkman
Date: Tue, 27 Jun 2023 10:28:52 +0200
Subject: [PATCH 3/3] Changed weight to score for CLAMD_SPAM
---
 data/conf/rspamd/local.d/composites.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf
index cc458ea06f..cde34b5746 100644
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -72,7 +72,7 @@ ENCRYPTED_CHAT {
 CLAMD_SPAM_FOUND {
 expression = "CLAM_SECI_SPAM & !MAILCOW_WHITE";
 description = "Probably Spam, Securite Spam Flag set through ClamAV";
- weight = 4.5;
+ score = 5;
 }
 
 CLAMD_BAD_PDF {
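Review bot: `CLAMD_ASCII_MALWARE` in the `@@ -78,23 +78,29 @@` hunk depends on `CLAM_SECI_ASCII`, and neither it nor the other `CLAM_SECI_*` symbols are defined anywhere in this series; if the antivirus module is not configured to emit them under exactly these names, the composites would never match. A comment above the group would make that dependency explicit, for example `# CLAM_SECI_* are set by the ClamAV signature patterns in the antivirus module config`. The hunk also renames the HTML and JS composites to `*_MALWARE` while `CLAMD_BAD_PDF` and `CLAMD_BAD_JPG` keep the old scheme, and the file still ends without a trailing newline.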