clamav-users February 2012 archive
clamav-users: Re: [clamav-users] multiple viruses detected

From: Török Edwin <edwintorok_at_nospam>
Date: Mon Feb 13 2012 - 14:12:41 GMT
To: clamav-users@lists.clamav.net

On 02/13/2012 04:01 PM, Matus UHLAR - fantomas wrote:
>> On Mon, Feb 13, 2012 at 12:15:02PM +0100, Matus UHLAR - fantomas wrote:
>>> What I need is to pass phishes sent to one particular address
>>> (abuse@, since we should know when our customers send phishes)
>
> On 13.02.12 13:45, Henri Salo wrote:
>> You might be looking for these arguments of clamscan. You can also control this in clamd.conf. Default is marked as "(*)".
>
> I am not looking for any currently existing arguments to clam(d)scan nor clamd. With them, the only possible way of checking for phishes etc is to scan twice - once with phishingsignatures, once without them.
>
> This is not nice no matter if I call clamscan (which takes long to load the signature database), or clamd (would require 2 clamd processes running), or combination of these two.
>

Try --heuristic-scan-precedence=yes (similar clamd option exists too).
It will cause ClamAV to stop and report on the first Heuristics.* match it finds. Phishing is part of Heuristics.*

The default behaviour is 'no', so when it sees a Heuristics.* it keeps scanning and if a malware is found,
then that is reported instead of the Heuristics.

The problem is that Heuristics.* is not only phishing, but some other stuff as well.

Best regards,
--Edwin
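
An added example, not part of the original message and not ClamAV code: because a scan run with --heuristic-scan-precedence=yes can report any Heuristics.* name, this Python code sorts clamscan result lines into phishing heuristics, other heuristics and ordinary signatures before applying a per-recipient exemption. The sample output, the file paths, the abuse@example.org address and the function names are constructed for illustration.

```python
import re

# clamscan prints one result line per file:
#   "<path>: <signature> FOUND"  or  "<path>: OK"
RESULT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample output (not from a real scan).
SAMPLE = """
/var/spool/scan/msg1.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND
/var/spool/scan/msg2.eml: Heuristics.Encrypted.Zip FOUND
/var/spool/scan/msg3.eml: Eicar-Test-Signature FOUND
/var/spool/scan/msg4.eml: OK
"""

def parse(output):
    """Map each flagged path to the signature name clamscan reported."""
    hits = {}
    for line in output.splitlines():
        m = RESULT.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits

def classify(sig):
    """Heuristics.* is broader than phishing, so split it by prefix."""
    if sig.startswith("Heuristics.Phishing."):
        return "phishing-heuristic"
    if sig.startswith("Heuristics."):
        return "other-heuristic"
    return "signature"

def route(sig, recipient, exempt=("abuse@example.org",)):
    """Deliver clean mail; let phishing heuristics through only for
    exempt recipients (hypothetical policy); reject everything else."""
    if sig is None:
        return "deliver"
    if classify(sig) == "phishing-heuristic" and recipient.lower() in exempt:
        return "deliver"
    return "reject"

if __name__ == "__main__":
    for path, sig in parse(SAMPLE).items():
        print(path, classify(sig), route(sig, "abuse@example.org"))
```

Because the scan stops at the first Heuristics.* match when precedence is enabled, a message exempted this way has not been checked against the remaining signatures.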