[clamav-users] Bank's newsletter tagged as Heuristics.Phishing.Email
Alessandro Vesely
vesely at tana.it
Fri Jul 18 19:28:28 UTC 2014
Hi Steve,
On Fri 18/Jul/2014 19:00:08 +0200 Steven Morgan wrote:
>
> Also, have a look at the document phishsigs_howto.pdf in the ClamAV docs/
> directory. It contains some info on identifying the reason for the phish
> detection and on how to write whitelist signatures.
Hm... why.py doesn't seem to be up to date. But --debug still works.
> You should be able to create a local whitelist, local.wdb for
> example, and add that to your database directory rather than
> modifying daily.wdb.
Correct, thanks. If I create local.wdb having these three lines:
M:www.facebook.com:www.sella.it
M:plus.google.com:www.sella.it
M:www.youtube.com:www.sella.it
then the message is clean. daily.cld already contains similar lines,
but it seems the bank change their html more quickly than database
maintainers can cope with :-/
Note that I already know the sender is whitelisted by DNSWL by the
time I scan. However, keeping two engines, one of which is loaded
without phishing signatures, would seem to be overkill, no?
Any other ideas?
Ale
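
An added example, not part of the original message or of ClamAV: a small linter for the three-field M: whitelist lines shown in the message, run before dropping a local.wdb into the database directory. It assumes the field order is real (linked) host followed by displayed host; the hostname rule, the function names and the faulty sample lines are constructed for illustration.

```python
import re

# Constructed sample: the three entries from the message plus three faulty lines.
SAMPLE = """\
M:www.facebook.com:www.sella.it
M:plus.google.com:www.sella.it
M:www.youtube.com:www.sella.it
M:www.youtube.com:www.sella.it
M:www.sella.it
M:bad_host.example:www.sella.it
"""

# Hostname label rule used by this example (an assumption, not ClamAV's own parser).
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_host(host):
    """True for a dotted hostname whose labels are letters, digits or hyphens."""
    labels = host.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)

def lint_wdb(text):
    """Return (entries, problems) for three-field M: lines as shown in the message."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.strip().split(":")
        if fields == [""]:
            continue  # blank line
        if fields[0] != "M" or len(fields) != 3:
            problems.append((lineno, "not a three-field M: entry"))
            continue
        # Assumed field order: real (linked) host, then displayed host.
        real, displayed = fields[1].lower(), fields[2].lower()
        if not (valid_host(real) and valid_host(displayed)):
            problems.append((lineno, "invalid hostname"))
        elif real == displayed:
            problems.append((lineno, "real and displayed host are identical"))
        elif (real, displayed) in entries:
            problems.append((lineno, "duplicate entry"))
        else:
            entries.append((real, displayed))
    return entries, problems

if __name__ == "__main__":
    ok, bad = lint_wdb(SAMPLE)
    for real, displayed in ok:
        print(f"ok: mail showing {displayed} may link to {real}")
    for lineno, why in bad:
        print(f"line {lineno}: {why}")
```

Each accepted pair is an exemption from the phishing heuristic for that combination of hosts, so the list is worth keeping as short as the newsletter requires.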