Problem seems not to be a ClamAV problem, but ours. Sorry for the noise.
On 8/24/07 2:12 PM, "John W. Baxter" <firstname.lastname@example.org> wrote:
> Daily sigs: 4054; main 44. ClamAV 0.91.2-1
> Installed on CentOS-4.5 from Dag's packages. Freshly updated via the
> packages from the ancient 0.90-2 (also Dag's).
> Called via pyclamav (rebuilt to matching libclamav) in our own code.
Before this escalates further, I need to say: "Oops".
I'm pretty sure our problem lies with us, in particular with our use of pyclamav. pyclamav calls

    ret = cl_scanfile(file_to_scan, &virname, &size, root, &limits, CL_SCAN_STDOPT);

I haven't looked yet, but I'm guessing that that CL_SCAN_STDOPT (as of some recent ClamAV version) turns on the Phishing URL heuristic detection code.
I'm pretty sure our solution will be to switch to pyclamd instead, whereupon the daemon's careful attention to our clamd.conf settings will correct our problem. (Yes, we could hack pyclamav to pass different flags, but that seems not to be the right approach.)
Unless I totally do not understand, this is ***not*** a ClamAV problem, but rather our failure to follow the pyclamav project's rather strong suggestion to switch to pyclamd.
> Setting "PhishingScanURLs no" definitely works on my FreeBSD
> system. Note if you are using clamscan you need to use the
> "--no-phishing-scan-urls" command line option.
caused me to read the pyclamav source code and see the call above.
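
Added example, not part of the original post and not pyclamd's code: a small client that hands content to a running clamd over its socket, so the scan options come from the daemon's clamd.conf rather than from flags compiled into the caller. It assumes a clamd that supports the INSTREAM command; the socket path and the sample signature name are constructed placeholders.

```python
import socket
import struct

# Assumed clamd LocalSocket path; use the value from your own clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"

def build_instream(data, chunk=8192):
    """Frame data for INSTREAM: command, length-prefixed chunks, zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(reply):
    """Map a clamd reply to (status, detail); anything unexpected is an ERROR."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    verdict = text.partition(": ")[2]
    if verdict == "OK":
        return ("OK", None)
    for status in ("FOUND", "ERROR"):
        if verdict.endswith(" " + status):
            return (status, verdict[:-len(status) - 1])
    return ("ERROR", text)  # fail closed rather than treat as clean

def scan_bytes(sock, data):
    """Send data to clamd over a connected socket and return the parsed verdict."""
    sock.sendall(build_instream(data))
    buf = b""
    while not buf.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        buf += part
    return parse_reply(buf)

if __name__ == "__main__":
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(CLAMD_SOCKET)
        print(scan_bytes(s, b"constructed sample message body"))
```

A reply that is neither OK nor FOUND, including a dropped connection, comes back as ERROR so the caller never mistakes a failed scan for a clean one.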