[Rspamd-Users] Regarding Malicious File blocking using hashes in rspamd
Thomas Plant
thomas at plant.systems
Wed Oct 21 14:34:21 UTC 2020
Am 21.10.2020 um 15:59 schrieb Venkata Ganesh Raju Malyala:
> Hello everyone,
>
> Can someone advise on the below.
> I have a file containing a set of malicious hashes.
> Is there any particular directory under which I can keep that file so that
> rspamd will automatically check hashes of incoming mails and their
> attachments and block those malicious hashes that are in the file.
>
> Thank you
> Ganesh
Hi,
I use the following for the malware hashes from abuse.ch in my
multimap.conf:
ABUSE_FEODO_MD5_full {
# match md5sum hashes
type = "selector";
selector = "attachments(hex,md5)";
map = "${LOCAL_CONFDIR}/maps/abuse_bazaar_full.txt";
symbol = "ABUSE_MALWAREBAZAR_MD5_FULL";
score = 7.0;
}
did not catch a file since I activated this, but I have a very low
traffic server.....
Greetings,
Thomas
More information about the Users
mailing list