The original aim was for this script to fit into a MailScanner system, just by copying it into /etc/cron.hourly and making it executable.

You will need to read the settings at the top of the script in order to configure it for your system. It needs to know a working directory for its cache of downloaded files and a few other simple settings. Each setting is preceded by a brief description of its effect.

Mostly you can just leave the settings alone, except for the command to run after it has finished. If you are using SpamAssassin via spamd, for example, you would want to set that one to "/sbin/service spamd restart".

I have taken a lot of care to ensure that this won't match any false alarms, I don't just dumbly look for the strings in any surrounding text, which certain commercial AV vendors have been caught doing in the past!

I make a suggestion in the comments at the top of the script about how I use the rule within MailScanner, you probably want to do something similar, and not just delete anything that matches, just in case you do get any false alarms.

You can also add addresses of your own (which can include "*" as a wildcard character to mean "any series of valid characters" in the email address), one address per line, in an optional extra file. Again, read the top of the script and you will see it mentioned there. That file is optional, it does not matter if it doesn't exist. As a starter, you might want to put
in that file, as it will nicely catch a lot of "Job opportunity" spams.

It looks for any of these addresses appearing anywhere in the message, not just in the headers. So if you start talking to people about these addresses, don't be surprised when the messages get caught by the trap.

It uses the command "wget", so make sure you have that binary installed, or else change the script to fetch the file by some other means.

The very end of the script does a "service MailScanner reload", so if you need some other command to reload MailScanner or your SpamAssassin setup, then edit it for your system. If you don't use MailScanner, but do use "spamd" in some setup or other, then a simple "service spamd restart" would do at the end of the script.

My aim was that, on a RedHat system running MailScanner, you could just copy the script into /etc/cron.hourly and make it executable, and it will just get on with the job for you. I do advise you read the bit in the script about "SpamAssassin Rule Actions" though.

ClamAV Signatures

To use the ScamNailer database in ClamAV, all you need to do is download the signatures file from once per hour and put it in your ClamAV Database Directory.

It's Free

ScamNailer is completely free of charge, requiring no licence, installation or subscription fees. Free assistance is provided through mailing lists and instant support is available through a dedicated IRC channel, which is monitored 24 hours per day. A range of companies also provide commercial tailor-made support contracts. It is currently used by a very large selection of organisations around the world, from small companies and ISPs to the US Government and Military.

Copyright 2009 © Julian Field/ScamNailer