clamav-users August 2011 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [clamav-users] Phishing.Heuristics.Email.Spoof

Re: [clamav-users] Phishing.Heuristics.Email.SpoofedDomain

From: Török Edwin <edwin_at_nospam>
Date: Tue Aug 02 2011 - 07:23:50 GMT
To: clamav-users@lists.clamav.net

On 2011-08-02 02:56, Al Varnell wrote:
> On Jul 26, 2011, at 2:06 PM, Török Edwin <edwin@clamav.net> wrote:
>
>> On 07/26/2011 11:59 PM, Al Varnell wrote:
>>> Is there something going on with subject infections? I see that it's listed
>>> on the clamav home page as a "Current Threat". We got several users asking
>>> about this in the ClamXav Forum (including a Linux user?) and I can't seem
>>> to find it in the signature database any more.
>>>
>>
>> It is an engine detection (actually it is Heuristics.Phishing.Email.SpoofedDomain).
>> All engine detections are prefixed with 'Heuristics.'.
>>
>> This detection is for phishing emails, you can look in daily.pdb to see a list of 'protected' domains
>> (i.e. if a phishing email targets one of those domains we should detect it).
>
> Thanks for that explanation, that helps a lot.
>
> Is there any reason why clamscan would be making such detections and clamd not?

Maybe someone edited clamd.conf and turned off phishing detection? (PhishingScanURLs no).
clamscan uses the default settings that can be overriden by command-line flags, it doesn't use the clamd.conf settings.

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml