Yet Another antiVirus Recipe

Yet Another antiVirus Recipe is a procmail recipe that helps to filter out many of the most common e-mail worms. It detects worms with base-64 signatures (such as Klez, Hybris, and BugBear), HTML IFRAME exploits, CLSID hidden extension exploits, -XML code base exploits, executable extensions (bat, pif, vbs, vba, scr, lnk, com, and exe), and macros in doc, dot, xls, and xla files. It also detects most Nigerian scam e-mails.

Recent releases

  •  04 Dec 2004 09:17

    Release Notes: This release adds signatures for Bagle.zip, NetSky.Z, NetSky.AD, and Sober.I.

  •  18 Nov 2004 10:25

    Release Notes: Several new signatures were added for Bagle.zip, Bagle.cpl, NetSky.AD, NetSky.L, NetSky.Q, and Blackmal.C. NetSky.L (Moodown) is a variable virus and the procmail trap is still on trial.

  •  30 Oct 2004 21:48

    Release Notes: Many new signatures were added: Blackmal.C, Lovgate.X, Mota.B, Bagle.AR, Bagle.AS, Bagle-zip, Netsky.AD, Bagle.AV, Bagle.AW, Bagle.cpl.

  •  25 Sep 2004 00:15

    Release Notes: This release adds signatures for Mota.b, Download.JEct.c, NetSky.p, baglezip, and NetSky.M, and includes the .pi_ extension.

  •  26 Aug 2004 20:18

    Release Notes: Signatures have been added for NetSky.p, Mota.b, baglezip, and MyDoom.o. More Mydoom.L & M handling has been added.

Recent comments

25 Sep 2004 03:32 finest137

binary data in log
I see a lot of Skipped: in the log, accompanied by some binary data. What am I doing wrong?

21 Apr 2004 09:45 teksys

very nice
I agree, very nice.

13 Mar 2004 12:49 00Antoine00

Re: YAVR

> Thank you for using YAVR.
> YAVR is mostly a virus catching recipe.
> There are very powerful tools for pure
> spam.
> I added spamhaus checking because some
> viruses use open-relay mail servers as
> well.
> You can find more info at
> www.spamhaus.org
>
> "host" command is something like
> "nslookup". It is used to check for an
> IP to the spamhaus list of blacklisted
> servers. If it is found it returns a
> 127.0.0.2 or .4

And thank you very much for writing it!
I found the 'host' package, installed it and I must admit spamhaus checking works very well.
Sure, there are powerful Bayesian filters for spam, but your recipe really suits my needs and catches every virus and nearly every spam I receive.

12 Mar 2004 22:52 nikant

Re: YAVR

> A very impressive recipe! It catches
> nearly 100% of my daily spam.
> What is the 'host' command used at the
> end of the file in the SPAMHAUS recipe?
> I'd like to use spamhaus checking but I
> don't know where this command comes
> from.

Thank you for using YAVR.
YAVR is mostly a virus catching recipe. There are very powerful tools for pure spam.
I added spamhaus checking because some viruses use open-relay mail servers as well.
You can find more info at www.spamhaus.org

"host" command is something like "nslookup". It is used to check for an IP to the spamhaus list of blacklisted servers. If it is found it returns a 127.0.0.2 or .4

12 Mar 2004 08:24 00Antoine00

Re: YAVR
A very impressive recipe! It catches nearly 100% of my daily spam.
What is the 'host' command used at the end of the file in the SPAMHAUS recipe? I'd like to use spamhaus checking but I don't know where this command comes from.
