MailCleaner OpenSource Edition Forum

I downloaded and updated for mailcleaner the sanesecurity, SecuriteInfo & msrbl signature updater.

This uses the following signatures:
Sanesecurity sigs:
junk.ndb spam.ldb
jurlbl.ndb spamimg.hdb
jurlbla.ndb spear.ndb
lott.ndb winnow_malware.hdb
phish.ndb winnow_malware_links.ndb
rogue.hdb winnow_spam_complete.ndb
sanesecurity.ftm winnow_phish_complete_url.ndb
scam.ndb winnow.complex.patterns.ldb

MS-Rbl sigs:
MSRBL-Images.hdb MSRBL-SPAM.ndb MSRBL-SPAM-CR.ndb

SecuriteInfo sigs:
vx.hdb honeynet.hdb securiteinfo.hdb

MalwarePatrol Database:
mbl.ndb

To Install:

1. Run aptitude install rsync gnupg curl socat gzip dnsutils
(Even if aptitiude doesn't have super cow powers!)
Dont forget to do aptitiude update first!

2. In my install I created ...
/sanesecurity /sanesecurity/cache

3. Unzip and copy these files to the /sanesecurity folder:
http://www.the-nelsons.us/clamspam-sigs.zip
- Or if using Mailcleaner 2010 version -
http://www.the-nelsons.us/clamspam-sigs-MC2010.zip
Also run these on beta 1 if you havent already...
cd /usr/mailcleaner/etc/init.d
cvs update clamspamd

4. Change the permissions so the script can execute.
chmod 755 /sanesecurity/clamspam-sigs.sh

5. Edit crontab so the script runs hourly at x:30.
nano /etc/crontab
Add:
30 * * * * root /sanesecurity/clamspam-sigs.sh >& /dev/null

Hope this helps someone...

This is a modified version of the script from http://www.inetmsg.com/pub/clamav-unofficial-sigs.tar.gz as of Oct 4 2009.

# This script freely provided by Bill Landry (bill@inetmsg.com).
# Comments, suggestions, and recommendations for improving this
# script are always welcome.
#
# Script documentation and updates can be viewed/downloaded from:
#
# http://www.inetmsg.com/pub/
#
# The latest version will always be named: clamav-unofficial-sigs.tar.gz
# Older versions can be found in the "archive" directory.

For mailcleaner 2010 beta...

Update the path in clamspam-sigs.conf from /usr/clamav/bin to /opt/clamav/bin.

Everything else should be fine.

If you have a problem with the apt-get command dont forget to apt-get update... I did!

~ Tom

It's not apt-get anymore, please use aptitude instead (Debian 5)

It seems http://www.the-nelsons.us/clamspam-sigs.conf doesn't exist any more, I get a 404 error.

thank you for the tips.


...what is wrong with apt-get on lenny?
aptitude was also available on etch but i
prefer apt-get at all;)

( do i miss something in the apt-get context? )


greetings GaXy

You can use the clamav-unofficial-sigs.conf from http://www.inetmsg.com/pub/clamav-unoff ... igs.tar.gz. Then...

1) Rename the file to clamspam-sigs.conf
2) Update the path in clamspam-sigs.conf from /usr/clamav/bin to /opt/clamav/bin.
3) Update clam_dbs="/var/lib/clamav" to clam_dbs="/var/mailcleaner/spool/clamspam"
4) Update clamd_pid="/var/run/clamd.pid" to clamd_pid="/var/mailcleaner/run/clamav/clamd.pid"
5) Make sure user_configuration_complete="yes"

Any other changes are up to you...


T

apt-get worked last night for me... Are they getting rid of apt-get?
I certainly hope they dont get rid of apt-get as I like the command line version alot better than the 'pseudo gui' aptitude.

And how can anyone use an app that doesnt have super cow powers?

From the help dialog...
This aptitude does not have Super Cow Powers.

Post removed. I changed the original post.

Ok.. this one took me a minute to catch, and maybe its just me? but...

If you try and execute the bash script in this zipped archive, it appears to have been touched by DOS... there are ^M's all over the place... quick solution?

1. Open the clamspam-sigs.sh in vi.

2. In vi, do a :%s/^M//g

3. NOTE: To get the '^M' - hold the control key, press V then M (Both while holding the control key) and the ^M will appear.

4. The command in step 2 will find all occurances and replace them with nothing (effectively removing the problem).

4. Save

now everything works good. Thanks for the script BTW uncltom!

Ok, another problem noted...

when following the above for MC2010, after updating the dbs, the dameon does not start...




There are obviously multiple ndb hdb files in the $VARDIR/spool/clamspam folder when the scripts are done updating, and when the script runs, the following is the faliure output and ClamSpam deameon fails to start:



The offending line appears to be if [ -f $VARDIR/spool/clamspam/*db ]; . At first, I removed all but one .ndb file and was successful in starting, then I added the rest of the .ndb and .hdb files back in, and once again faliure to launch.

Quick workaround was to just change


to



With a single arguement to an existing file, the dameon seems to launch and function.

Any suggestions?

please look here, it should fix the problem:
http://forum.mailcleaner.org/viewtopic.php?f=6&t=931

Great, thanks, that works.

Maybe I will write a new quick how-to that combines all the cleanup information in this subject as it pertains to the 2010 version for others to follow.

Both the files referenced above are attached. I also fixed the http site as well.
~ Tom

I tested your script and after the download of the updates i get the following error:

=================================================
= Update(s) detected, reloaded ClamAV databases =
=================================================
ERROR: Can't connect to clamd: No such file or directory

Does anyone has an idea how to solve this????

This happened on mine until I started the clamspam daemon. The daemon won't restart unless databases exist.
Try restarting clamspam...
/usr/mailcleaner/etc/init.d/clamspamd restart

~ Tom