[clamav-users] Can't detect deceptive URL's as infected !!

Dennis Peterson dennispe at inetnw.com
Thu Dec 6 03:21:13 EST 2018


You should probably look at http://uribl.com/ for this problem. ClamAV is 
targeted toward viruses and malware in email. The uribl process uses DNS just 
like DNS blacklists, is fairly light weight, and well maintained.

dp

On 12/5/18 11:33 PM, Sunny Marwah wrote:
> Hello Team,
>
> We are using clamav-0.100.2 to scan few HTML email templates.
>
> Sometimes, there are deceptive URL's mentioned in those templates and that 
> template should be detected as infected via ClamAV scan process.
>
> I can see weird output of ClamAV scan process. Sometimes it detect such 
> templates as infected and sometimes, it does not detect them as infected. And 
> the URL's i am talking about, are so deceptive that even Google chrome browser 
> don't let us open these URL's and show us clear warning as "Dangerous" about 
> deceptive website.
>
> Can you put your views behind such unpredictable behavior ?
>
> If you want then i can report such URL's on your malware link for reporting.
>
> Regards
> Sunny
>
>
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181206/aa4adca1/attachment.html>


More information about the clamav-users mailing list