Using Sanesecurity Signatures for pdf email
A lot of PDF mail arrives in the mailbox and Maia can't detect it. After googling, I found a HowtoForge article about Filtering PDF-/XLS-/Image-Spam With ClamAV (And ISPConfig) On Debian/Ubuntu.
I wanted to try it on FreeBSD; after reading the last section, I tried to update the script.
I changed two lines as suggested, based on the ClamAV installation on FreeBSD 6.2:
clam_sigs="/var/db/clamav/"
clam_user="vscan"
Run the script:
jedimaster# sh ss-msrbl.sh
=================================
SaneSecurity SCAM Database Update
=================================
curl: not found
My bad, installing curl first:
jedimaster# cd /usr/ports/ftp/curl && make install
jedimaster# whereis curl
curl: /usr/local/bin/curl /usr/local/man/man1/curl.1.gz /usr/ports/ftp/curl
Try again:
jedimaster# sh ss-msrbl.sh
=================================
SaneSecurity SCAM Database Update
=================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 118k 100 118k 0 0 13903 0 0:00:08 0:00:08 --:--:-- 56093
==================================
SaneSecurity PHISH Database Update
==================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 180k 100 180k 0 0 26849 0 0:00:06 0:00:06 --:--:-- 62900
==========================
MSRBL SPAM Database Update
==========================
Number of files: 1
Number of files transferred: 1
Total file size: 228436 bytes
Total transferred file size: 228436 bytes
Literal data: 228436 bytes
Matched data: 0 bytes
File list size: 33
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 101
Total bytes received: 228579
sent 101 bytes received 228579 bytes 26903.53 bytes/sec
total size is 228436 speedup is 1.00
mv: illegal option -- u
usage: mv [-f | -i | -n] [-v] source target
mv [-f | -i | -n] [-v] source ... directory
===========================
MSRBL IMAGE Database Update
===========================
Number of files: 1
Number of files transferred: 1
Total file size: 520896 bytes
Total transferred file size: 520896 bytes
Literal data: 520896 bytes
Matched data: 0 bytes
File list size: 35
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 103
Total bytes received: 521077
sent 103 bytes received 521077 bytes 45320.00 bytes/sec
total size is 520896 speedup is 1.00
mv: illegal option -- u
usage: mv [-f | -i | -n] [-v] source target
mv [-f | -i | -n] [-v] source ... directory
jedimaster#
The Linux man page for mv describes the -u option:
-u, --update
move only when the SOURCE file is newer than the destination file or when the destination file is missing
The FreeBSD man page for mv has no such option:
-f Do not prompt for confirmation before overwriting the destination
path. (The -f option overrides any previous -i or -n options.)
-i Cause mv to write a prompt to standard error before moving a file
that would overwrite an existing file. If the response from the
standard input begins with the character `y' or `Y', the move is
attempted. (The -i option overrides any previous -f or -n
options.)
-n Do not overwrite an existing file. (The -n option overrides any
previous -f or -i options.)
-v Cause mv to be verbose, showing files after they are moved.
Update the script manually to remove -u and try again:
jedimaster# sh ss-msrbl.sh
=================================
SaneSecurity SCAM Database Update
=================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
==================================
SaneSecurity PHISH Database Update
==================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
==========================
MSRBL SPAM Database Update
==========================
Number of files: 1
Number of files transferred: 0
Total file size: 228436 bytes
Total transferred file size: 0 bytes
Literal data: 0 bytes
Matched data: 0 bytes
File list size: 33
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 79
Total bytes received: 73
sent 79 bytes received 73 bytes 23.38 bytes/sec
total size is 228436 speedup is 1502.87
===========================
MSRBL IMAGE Database Update
===========================
Number of files: 1
Number of files transferred: 0
Total file size: 520896 bytes
Total transferred file size: 0 bytes
Literal data: 0 bytes
Matched data: 0 bytes
File list size: 35
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 81
Total bytes received: 75
sent 81 bytes received 75 bytes 28.36 bytes/sec
total size is 520896 speedup is 3339.08
jedimaster#
Great
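Removing -u makes the script overwrite the live database on every run. The sketch below is an added example, not code from ss-msrbl.sh: a portable stand-in for GNU mv -u that works with FreeBSD's sh and also refuses to install an empty download. The function name install_if_newer and the file names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of ss-msrbl.sh): portable replacement for "mv -u".
# install_if_newer SRC DST
#   returns 0 if DST was replaced by SRC
#   returns 1 if DST was kept because SRC is not newer
#   returns 2 if SRC is missing or empty and was rejected
install_if_newer() {
    src=$1
    dst=$2
    # Reject a missing or zero-length file so that a failed fetch can
    # never replace a working signature database.
    if [ ! -s "$src" ]; then
        return 2
    fi
    # Same rule as GNU mv -u: move when DST is missing or SRC is newer.
    # "-nt" is supported by test(1) on FreeBSD and by bash/dash on Linux.
    if [ ! -e "$dst" ] || [ "$src" -nt "$dst" ]; then
        mv -f "$src" "$dst"
        return 0
    fi
    return 1
}

# Demo on constructed files (names and contents are made up).
tmp=$(mktemp -d)
printf 'constructed signature data\n' > "$tmp/staged.ndb"
install_if_newer "$tmp/staged.ndb" "$tmp/live.ndb"
echo "first install:  rc=$?"      # destination missing, so it is installed
: > "$tmp/empty.ndb"
install_if_newer "$tmp/empty.ndb" "$tmp/live.ndb"
echo "empty download: rc=$?"      # rejected, live.ndb is untouched
rm -rf "$tmp"
```

The non-zero return codes are informational, so a caller running under set -e should test them with `||` rather than call the function bare.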
Time to test with a PDF-style mail: I took a sample from the spam folder of my Gmail account and sent it to my alamsyah account at rasyid.net.
First attempt, wait ...
The email arrived successfully.
Damn, I forgot to restart ClamAV:
jedimaster# /usr/local/etc/rc.d/clamav-clamd restart
Stopping clamav_clamd.
Waiting for PIDS: 50316.
Starting clamav_clamd.
Trying to send the email again from Gmail.
Nothing appears in my webmail. Good... good.
See the maillog:
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) Checking: [209.85.132.246] <alamster@gmail.com> -> <alamsyah@rasyid.net>
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) p004 1 Content-Type: multipart/mixed
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) p005 1/1 Content-Type: multipart/alternative
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) p001 1/1/1 Content-Type: text/plain, size: 141 B, name:
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) p002 1/1/2 Content-Type: text/html, size: 331 B, name:
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) p003 1/2 Content-Type: application/pdf, size: 28933 B, name: Email.pdf
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) ask_av (ClamAV-clamd): /var/amavisd/tmp/amavis-20070728T155831-32083/parts INFECTED: Email.Stk.Gen592.Sanesecurity.07071801.pdf
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) virus_scan: (Email.Stk.Gen592.Sanesecurity.07071801.pdf), detected by 1 scanners: ClamAV-clamd
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) Virus Email.Stk.Gen592.Sanesecurity.07071801.pdf matches (?-xism:.*), sender addr ignored
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) Blocked INFECTED (Email.Stk.Gen592.Sanesecurity.07071801.pdf), [209.85.132.246] [209.85.132.246] <?@an-out-0708.google.com> -> <alamsyah@rasyid.net>, Message-ID: <d7c6b0960707280333h320f4101l3f5a5543c552c3bc@mail.gmail.com>, Hits: -, 747 ms
Perfect, ClamAV blocked it.
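Because these third-party signatures now block mail outright, it helps to watch which ones fire and for whom. The following is an added example, not from the original post: it summarizes amavis "Blocked INFECTED" lines per signature and recipient. The function names are hypothetical and the sample log lines are constructed, modelled on the line format shown above.

```shell
#!/bin/sh
# Added example: count amavis blocks per signature and (first) recipient.
# summarize_blocked [PATTERN]  reads maillog lines on stdin;
# PATTERN is a regex matched against the signature name (default: Sanesecurity).
summarize_blocked() {
    pat=${1:-Sanesecurity}
    awk -v pat="$pat" '
    / amavis\[[0-9]+\]: .*Blocked INFECTED \(/ {
        sig = $0
        sub(/^.*Blocked INFECTED \(/, "", sig)   # drop everything before the name
        sub(/\).*$/, "", sig)                    # drop everything after it
        if (sig !~ pat) next
        rcpt = $0
        sub(/^.*-> </, "", rcpt)                 # text after the "->" arrow
        sub(/>.*$/, "", rcpt)                    # keep the first recipient only
        count[sig " " rcpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (addresses, IPs and Message-IDs are made up).
sample_maillog() {
    cat <<'EOF'
Jul 28 17:33:15 jedimaster amavis[32083]: (32083-04) Blocked INFECTED (Email.Stk.Gen592.Sanesecurity.07071801.pdf), [192.0.2.10] [192.0.2.10] <?@mail.example.com> -> <alamsyah@rasyid.net>, Message-ID: <constructed-1@example.com>, Hits: -, 747 ms
Jul 28 17:40:02 jedimaster amavis[32083]: (32083-05) Blocked INFECTED (Email.Stk.Gen592.Sanesecurity.07071801.pdf), [192.0.2.11] [192.0.2.11] <?@mail.example.com> -> <alamsyah@rasyid.net>, Message-ID: <constructed-2@example.com>, Hits: -, 512 ms
Jul 28 17:41:30 jedimaster amavis[32083]: (32083-06) Blocked INFECTED (Constructed.Sample.Sanesecurity.00000000), [192.0.2.12] [192.0.2.12] <?@mail.example.com> -> <user@example.org>, Message-ID: <constructed-3@example.com>, Hits: -, 430 ms
Jul 28 17:45:00 jedimaster amavis[32083]: (32083-07) Blocked INFECTED (Eicar-Test-Signature), [192.0.2.13] [192.0.2.13] <?@mail.example.com> -> <user@example.org>, Message-ID: <constructed-4@example.com>, Hits: -, 300 ms
Jul 28 17:46:00 jedimaster amavis[32083]: (32083-08) Passed CLEAN, [192.0.2.14] <a@example.com> -> <user@example.org>, Hits: -, 200 ms
EOF
}

sample_maillog | summarize_blocked
```

On a live system the input would be the mail log itself, for example `summarize_blocked < /var/log/maillog`; a sudden spike for one signature is a prompt to check for false positives.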
Cron time