1 <!-- @(#) $Id: mailscanner_rules.xml,v 1.6 2009/06/24 17:06:19 dcid Exp $
2 - Example of MailScanner rules for OSSEC.
4 - Copyright (C) 2009 Trend Micro Inc.
7 - This program is a free software; you can redistribute it
8 - and/or modify it under the terms of the GNU General Public
9 - License (version 3) as published by the FSF - Free Software
12 - License details: http://www.ossec.net/en/licensing.html
16 <group name="syslog,mailscanner,">
17 <rule id="3700" level="0">
18 <decoded_as>mailscanner</decoded_as>
19 <description>Grouping of mailscanner rules.</description>
22 <rule id="3701" level="0">
25 <description>Non spam message. Ignored.</description>
28 <rule id="3702" level="5">
31 <description>Mail Scanner spam detected.</description>
35 <rule id="3751" level="6" frequency="6" timeframe="180">
36 <if_matched_sid>3702</if_matched_sid>
38 <description>Multiple attempts of spam.</description>
39 <group>multiple_spam,</group>
41 </group> <!-- SYSLOG,MAILSCANNER -->