|Main Archive Page > Month Archives > clamav-users archives|
At 02:49 PM 8/27/2007, John W. Baxter wrote:
> 1. Mail from Yahoo groups (or some mail from Yahoo groups) being marked
>as Phishing (for URL reasons)
> 2. Same for a Seattle Times mailing list.
> 3. Same for a Democracy in Action mailing.
> 4. Customer (unwise, usually) forwarding of messages with URLs being
>marked as Phishing although they came in unscathed.
Please submit samples to the clamav team so the FPs can be resolved.
>We're about to install emergency code which will initially ignore all
>Phishing "hits", but is written so we can be more selective. (It can ignore
>any particular hit--tested with EICAR.)
That sounds as if it may be generally useful.
>Should the following settings have the effect of disabling any detection
>regarding Phishing? (Actually, I don't think the signature-based phishing
>detection is causing our problems.)
># Scan urls found in mails for phishing attempts.
># (available in experimental builds only)
># Default: yes
Setting "PhishingScanURLs no" definitely works on my FreeBSD system. Note if you are using clamscan you need to use the "--no-phishing-scan-urls" command line option.
does the command
# clamconf | grep Phish
show the expected settings?
Does the command
# clamconf | grep conf
show the expected path names?
When you test some file manually with clamscan and/or clamdscan does it work as expected?
Unfortunately, clamd doesn't seem to log (all) options on startup, so the log isn't terribly useful this time. -- Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html