[clamav-users] Can't detect deceptive URL's as infected !!

Dennis Peterson dennispe at inetnw.com
Thu Dec 6 03:21:13 EST 2018

You should probably look at http://uribl.com/ for this problem. ClamAV is 
targeted toward viruses and malware in email. The uribl process uses DNS just 
like DNS blacklists, is fairly light weight, and well maintained.


On 12/5/18 11:33 PM, Sunny Marwah wrote:
> Hello Team,
> We are using clamav-0.100.2 to scan few HTML email templates.
> Sometimes, there are deceptive URL's mentioned in those templates and that 
> template should be detected as infected via ClamAV scan process.
> I can see weird output of ClamAV scan process. Sometimes it detect such 
> templates as infected and sometimes, it does not detect them as infected. And 
> the URL's i am talking about, are so deceptive that even Google chrome browser 
> don't let us open these URL's and show us clear warning as "Dangerous" about 
> deceptive website.
> Can you put your views behind such unpredictable behavior ?
> If you want then i can report such URL's on your malware link for reporting.
> Regards
> Sunny
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181206/aa4adca1/attachment.html>

More information about the clamav-users mailing list