[Rspamd-Users] Regarding Malicious File blocking using hashes in rspamd

Thomas Plant thomas at plant.systems
Wed Oct 21 14:34:21 UTC 2020

Am 21.10.2020 um 15:59 schrieb Venkata Ganesh Raju Malyala:
>   Hello everyone,
> Can someone advise on the below.
> I have a file containing a set of malicious hashes.
> Is there any particular directory under which I can keep that file so that
> rspamd will automatically check hashes of incoming mails and their
> attachments and block those malicious hashes that are in the file.
> Thank you
> Ganesh


I use the following for the malware hashes from abuse.ch in my 

   # match md5sum hashes
   type = "selector";
   selector = "attachments(hex,md5)";
   map = "${LOCAL_CONFDIR}/maps/abuse_bazaar_full.txt";
   score = 7.0;

did not catch a file since I activated this, but I have a very low 
traffic server.....


More information about the Users mailing list