[clamav-users] submitting phish samples - stripped
Joel Esler (jesler)
jesler at cisco.com
Thu Feb 8 18:54:40 UTC 2018
So, there's two things you can do here, I think. Phish can be submitted to ClamAV in the same way you submit malware. Phish can also be sent in to phishtank.com<http://phishtank.com> (also a project ran by my team) which allows community voting on phish to product a blacklist for users to use.
--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
On Feb 8, 2018, at 3:52 AM, Matus UHLAR - fantomas <uhlar at fantomas.sk<mailto:uhlar at fantomas.sk>> wrote:
Hello,
when submitting phish samples, should I use the same form as for malware?
(https://www.clamav.net/reports/malware)
some time ago it contained selection list whether it's malware, phish, false
positive.
Now the page contains forms for malware and false positives - no phishes.
I hope phishes are still to be detected :)
side question: is it fine to strip sample of an e-mail of private data like
recipient mail address, Received: headers etc?
--
Matus UHLAR - fantomas, uhlar at fantomas.sk<mailto:uhlar at fantomas.sk> ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list