[clamav-users] Bank's newsletter tagged as Heuristics.Phishing.Email
smorgan at sourcefire.com
Mon Jul 21 15:10:03 EDT 2014
Agreed. You can submit fp's and help keep the databases current by sending
the messages to this website:
On Fri, Jul 18, 2014 at 3:28 PM, Alessandro Vesely <vesely at tana.it> wrote:
> Hi Steve,
> On Fri 18/Jul/2014 19:00:08 +0200 Steven Morgan wrote:
> > Also, have a look at the document phishsigs_howto.pdf in the ClamAV docs/
> > directory. It contains some info on identifying the reason for the phish
> > detection and on how to write whitelist signatures.
> Hm... why.py doesn't seem to be up to date. But --debug still works.
> > You should be able to create a local whitelist, local.wdb for
> > example, and add that to your database directory rather than
> > modifying daily.wdb.
> Correct, thanks. If I create local.wdb having these three lines:
> then the message is clean. daily.cld already contains similar lines,
> but it seems the bank change their html more quickly than database
> maintainers can cope with :-/
> Note that I already know the sender is whitelisted by DNSWL by the
> time I scan. However, keeping two engines, one of which is loaded
> without phishing signatures, would seem to be overkill, no?
> Any other ideas?
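An added example, not part of the original thread: a small Python helper that lists the link pairs in an HTML newsletter whose href host differs from the host shown in the link text, and prints them as candidate local.wdb lines for manual review. It assumes the `M:RealHostname:DisplayedHostname` line form described in phishsigs_howto.pdf; the function names and the examplebank.test hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def shown_host(text):
    """Hostname of link text that looks like a URL, else None."""
    text = text.strip()
    if "://" not in text:
        # Assumption: bare "www.example.test/path" text also counts as a URL.
        if " " in text or "." not in text:
            return None
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower() or None

class LinkPairs(HTMLParser):
    """Collect (real host, displayed host) for anchors whose text is a URL."""
    def __init__(self):
        super().__init__()
        self.pairs, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            real = (urlsplit(self._href).hostname or "").lower()
            shown = shown_host("".join(self._text))
            if real and shown and real != shown:
                self.pairs.append((real, shown))
            self._href = None

def wdb_candidates(html):
    """Return sorted, de-duplicated M: lines for mismatched link pairs."""
    parser = LinkPairs()
    parser.feed(html)
    return sorted({f"M:{real}:{shown}" for real, shown in parser.pairs})

# Constructed sample newsletter body (not taken from the thread).
SAMPLE = """
<a href="http://click.mailer.examplebank.test/t/abc">www.examplebank.test</a>
<a href="https://www.examplebank.test/news">https://www.examplebank.test/news</a>
<a href="http://click.mailer.examplebank.test/t/def">Read more</a>
<a href="http://cdn.examplebank.test/x"><b>https://secure.examplebank.test/login</b></a>
"""

if __name__ == "__main__":
    print("\n".join(wdb_candidates(SAMPLE)))
```

Each printed line is only a candidate: confirm that the real host belongs to the sender before copying it into local.wdb.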