Re: [Clamav-users] Phishing detection on downloaded pages

From: Török Edwin <edwintorok_at_nospam>
Date: Wed Dec 09 2009 - 18:13:18 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

On 2009-12-07 19:21, Sundara Kaku wrote:
> Hi,
>
> I have a special requirement where I want to scan downloaded pages from
> website for phishing detection, ex: i use httracker to download a website or
> wget to download a particular website and i want scan that webpage for
> phishing detection. I am using ClamAV 0.95.1/10117 i have the following
> files under /var/lib/clamav folder
>
> main.cld
> clamav-0980f9eff474c2c5b63601cd16a87374
> daily.cld
> safebrowsing.cld

Safebrowsing is only used for links sent in emails. But since you are scanning webpages,
firefox should already check the URL against safebrowsing db.

> mirrors.dat
> the following are settings in clamd.conf
>
> PhishingSignatures true
> PhishingScanURLs true
> PhishingAlwaysBlockSSLMismatch false
> PhishingAlwaysBlockCloak true
>

The heuristic phishing detector only works on html files inside mails, and most of the phishing signatures too.

Right now there isn't any support for detecting a phishing website by scanning it, there is only support for detecting links to phishing websites in emails.

Best regards,
--Edwin

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

This message: [ Message body ]
Next message: Sundara Kaku: "Re: [Clamav-users] Phishing detection on downloaded pages"
Previous message: Török Edwin: "Re: [Clamav-users] clamd misses some zipped virus"
In reply to: Sundara Kaku: "[Clamav-users] Phishing detection on downloaded pages"
Next in thread: Jari Fredriksson: "Re: [Clamav-users] Phishing detection on downloaded pages"
Reply: Jari Fredriksson: "Re: [Clamav-users] Phishing detection on downloaded pages"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]