new upstream release (3.3.0); modify package compatibility for Stretch

[ossec-hids.git] / debian / ossec-hids / var / ossec / rules / mailscanner_rules.xml

diff --git a/debian/ossec-hids/var/ossec/rules/mailscanner_rules.xml b/debian/ossec-hids/var/ossec/rules/mailscanner_rules.xml
new file mode 100644 (file)
index 0000000..eae1f6f
--- /dev/null
+++ b/debian/ossec-hids/var/ossec/rules/mailscanner_rules.xml
@@ -0,0 +1,51 @@
+<!-- @(#) $Id: ./etc/rules/mailscanner_rules.xml, 2011/09/08 dcid Exp $
+
+  -  Example of MailScanner rules for OSSEC.
+  -
+  -  Copyright (C) 2009 Trend Micro Inc.
+  -  All rights reserved.
+  -
+  -  This program is a free software; you can redistribute it
+  -  and/or modify it under the terms of the GNU General Public
+  -  License (version 2) as published by the FSF - Free Software
+  -  Foundation.
+  -
+  -  License details: http://www.ossec.net/en/licensing.html
+  -->
+
+
+<group name="syslog,mailscanner,">
+  <rule id="3700" level="0">
+    <decoded_as>mailscanner</decoded_as>
+    <description>Grouping of mailscanner rules.</description>
+  </rule>
+  
+  <rule id="3701" level="0">
+    <if_sid>3700</if_sid>
+    <action>not</action>
+    <description>Non spam message. Ignored.</description>
+  </rule>
+
+  <rule id="3702" level="5">
+    <if_sid>3700</if_sid>
+    <action>spam</action>
+    <description>Mail Scanner spam detected.</description>
+    <group>spam,</group>
+  </rule>
+
+  <rule id="3751" level="6" frequency="6" timeframe="180">
+    <if_matched_sid>3702</if_matched_sid>
+    <same_source_ip />
+    <description>Multiple attempts of spam.</description>
+    <group>multiple_spam,</group>
+  </rule>
+
+  <rule id="3752" level="0">
+      <if_sid>1002</if_sid>
+      <program_name>update.bad.phishing.sites</program_name>
+      <match>^Phishing bad sites list updated</match>
+      <description>ignore</description>
+  </rule>
+
+</group> <!-- SYSLOG,MAILSCANNER -->
+