Some of the download scripts, as well as downloading the Sanesecurity
signatures, can also download other Third-Party databases.

The following tables contain a brief list of all Third-Party
databases, a brief description of each and my opinion on their
approximate false positive risk, but your mileage may vary.

It's also recommended, especially for the high risk groups,
to score the detections instead of blocking outright;
it's down to each signature user to determine their detection
rate vs false positive rate for each group.

Any false positives will normally be fixed by each signature
producer.

The following databases are distributed and produced by Sanesecurity

| Database Name | Description | FP Risk |
|---|---|---|
| junk.ndb | General high hitting junk, containing spam/phishing/lottery/jobs/419s etc. | Low |
| jurlbl.ndb | Junk Url based | Low |
| jurlbla.ndb | Junk Url based autogenerated from various feeds | Med |
| lott.ndb | Lottery | Med |
| phish.ndb | Phishing | Low |
| rogue.hdb | Zero Hour Malware, Rogue anti-virus software and Fake codecs etc. Please send any Undetected virus samples to | Low |
| sanesecurity.ftm | Message file types (REQUIRED for best performance) | - |
| sigwhitelist.ign2 | Fast update file to whitelist any problem signatures (REQUIRED 0.96rc1+) | - |
| scam.ndb | Spam/scams | Low |
| spam.ldb | Spam detected using the new Logical Signature type | Med |
| spamimg.hdb | Spam images | Low |
| spamattach.hdb | Spammed attachments such as pdf's/docs/rtf/zips | Low |
| spear.ndb | Spear phishing email addresses (autogenerated from data here) | Med |
| spearl.ndb | Spear phishing urls (autogenerated from data here) | Med |
| blurl.ndb | Blacklisted full URLs over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad". | Low |

The following databases are distributed by Sanesecurity, but produced by OITC

| Database Name | Description | FP Risk |
|---|---|---|
| winnow_malware.hdb | Current virus, trojan and other malware not yet detected by ClamAV. Undetected virus samples can be sent to virus_samples@oitc.com | Low |
| winnow_malware_links.ndb | Links to malware | Low |
| winnow_spam_complete.ndb | Signatures to detect fraud and other malicious spam | Med |
| winnow_phish_complete.ndb | Phishing and other malicious URLs and compromised hosts | High |
| winnow_phish_complete_url.ndb | Similar to winnow_phish_complete.ndb except that entire URLs are used | Med |
| winnow.complex.patterns.ldb | Contains hand generated signatures for malware and some egregious fraud | Med |
| winnow_extended_malware.hdb | Contains hand generated signatures for malware. | Low |
| winnow_extended_malware_links.ndb | Contains hand generated signatures for malware links. | Med |
| winnow.attachments.hdb | Spammed attachments such as pdf's/docs/rtf/zips | Low |
| winnow_bad_cw.hdb | MD5 hashes of malware attachments acquired directly from a group of botnets | Low |

Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb shouldn't be used together.

The following databases are distributed by Sanesecurity, but produced by Julian Field

| Database Name | Description | FP Risk |
|---|---|---|
| scamnailer.ndb | Spear phishing and other phishing emails | Med |

The following databases are distributed by Sanesecurity, but produced by Doppelstern Antispam

| Database Name | Description | FP Risk |
|---|---|---|
| doppelstern.ndb | phishing, scams and other junk | Med |
| doppelstern.hdb | hashes of spam documents and images | Low |

The following databases are distributed by Sanesecurity, but produced by bofhland

| Database Name | Description | FP Risk |
|---|---|---|
| bofhland_cracked_URL.ndb | Spam URLs | Low |
| bofhland_malware_URL.ndb | Malware URLs | Low |
| bofhland_phishing_URL.ndb | Phishing URLs | Low |

The following databases are distributed by Sanesecurity, but produced by CRDF

| Database Name | Description | FP Risk |
|---|---|---|
| crdfam.clamav.hdb | List of new threats detected by CRDF Anti Malware. | Low |

The following databases are distributed by Sanesecurity, but produced by Porcupine Signatures

| Database Name | Description | FP Risk |
|---|---|---|
| porcupine.ndb | Brazilian e-mail phishing and malware signatures. | Low |
| phishtank.ndb | Online and valid phishing urls from phishtank.com data feed. | Low |

The following databases are produced and distributed by SecuriteInfo

| Database Name | Description | FP Risk |
|---|---|---|
| honeynet.hdb | Old malware not detected | Low |
| securiteinfoelf.hdb | ELF malware (Linux executables) | Low |
| securiteinfosh.hdb | Shell malware (Linux) | Low |
| securiteinfopdf.hdb | PDF malware | Low |
| securiteinfooffice.hdb | Office macro malware | Low |
| securiteinfohtml.hdb | HTML malware | Low |
| securiteinfodos.hdb | MS-DOS malware | Low |
| securiteinfobat.hdb | BAT malware | Low |
| securiteinfo.hdb | Malware in the wild | Low |

The following databases are produced and distributed by MalwarePatrol

| Database Name | Description | FP Risk |
|---|---|---|
| mbl.ndb | URLs containing viruses, trojans, worms, or malware | Low |

Disclaimer: Whilst every effort has been made by Sanesecurity to ensure that the signatures
don't lead to false positives, we make no warranty that the signatures will
meet your requirements, be uninterrupted, complete, timely, secure or error
free. You must therefore use them at your own risk.