|
|
@@ -68,3 +68,39 @@ WL_FWD_HOST {
|
|
|
ENCRYPTED_CHAT {
|
|
|
expression = "CHAT_VERSION_HEADER & ENCRYPTED_PGP";
|
|
|
}
|
|
|
+
|
|
|
+CLAMD_SPAM_FOUND {
|
|
|
+ expression = "CLAM_SECI_SPAM & !MAILCOW_WHITE";
|
|
|
+ description = "Probably Spam, Securite Spam Flag set through ClamAV";
|
|
|
+ score = 5;
|
|
|
+}
|
|
|
+
|
|
|
+CLAMD_BAD_PDF {
|
|
|
+ expression = "CLAM_SECI_PDF & !MAILCOW_WHITE";
|
|
|
+ description = "Bad PDF Found, Securite bad PDF Flag set through ClamAV";
|
|
|
+ score = 8;
|
|
|
+}
|
|
|
+
|
|
|
+CLAMD_BAD_JPG {
|
|
|
+ expression = "CLAM_SECI_JPG & !MAILCOW_WHITE";
|
|
|
+ description = "Bad JPG Found, Securite bad JPG Flag set through ClamAV";
|
|
|
+ score = 8;
|
|
|
+}
|
|
|
+
|
|
|
+CLAMD_ASCII_MALWARE {
|
|
|
+ expression = "CLAM_SECI_ASCII & !MAILCOW_WHITE";
|
|
|
+ description = "ASCII malware found, Securite ASCII malware Flag set through ClamAV";
|
|
|
+ score = 8;
|
|
|
+}
|
|
|
+
|
|
|
+CLAMD_HTML_MALWARE {
|
|
|
+ expression = "CLAM_SECI_HTML & !MAILCOW_WHITE";
|
|
|
+ description = "HTML malware found, Securite HTML malware Flag set through ClamAV";
|
|
|
+ score = 8;
|
|
|
+}
|
|
|
+
|
|
|
+CLAMD_JS_MALWARE {
|
|
|
+ expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
|
|
|
+ description = "JS malware found, Securite JS malware Flag set through ClamAV";
|
|
|
+ score = 8;
|
|
|
+}
|
Niklas Meyer