+++ /dev/null
-<!-- @(#) $Id: ./etc/rules/mailscanner_rules.xml, 2011/09/08 dcid Exp $
-
- - Example of MailScanner rules for OSSEC.
- -
- - Copyright (C) 2009 Trend Micro Inc.
- - All rights reserved.
- -
- - This program is a free software; you can redistribute it
- - and/or modify it under the terms of the GNU General Public
- - License (version 2) as published by the FSF - Free Software
- - Foundation.
- -
- - License details: http://www.ossec.net/en/licensing.html
- -->
-
-
-<group name="syslog,mailscanner,">
- <rule id="3700" level="0">
- <decoded_as>mailscanner</decoded_as>
- <description>Grouping of mailscanner rules.</description>
- </rule>
-
- <rule id="3701" level="0">
- <if_sid>3700</if_sid>
- <action>not</action>
- <description>Non spam message. Ignored.</description>
- </rule>
-
- <rule id="3702" level="5">
- <if_sid>3700</if_sid>
- <action>spam</action>
- <description>Mail Scanner spam detected.</description>
- <group>spam,</group>
- </rule>
-
- <rule id="3751" level="6" frequency="6" timeframe="180">
- <if_matched_sid>3702</if_matched_sid>
- <same_source_ip />
- <description>Multiple attempts of spam.</description>
- <group>multiple_spam,</group>
- </rule>
-
- <rule id="3752" level="0">
- <if_sid>1002</if_sid>
- <program_name>update.bad.phishing.sites</program_name>
- <match>^Phishing bad sites list updated</match>
- <description>ignore</description>
- </rule>
-
-</group> <!-- SYSLOG,MAILSCANNER -->
-