[clamav-users] submitting phish samples - stripped
Matus UHLAR - fantomas
uhlar at fantomas.sk
Sun Feb 11 12:16:27 UTC 2018
>On Feb 8, 2018, at 3:52 AM, Matus UHLAR - fantomas <uhlar at fantomas.sk<mailto:uhlar at fantomas.sk>> wrote:
>when submitting phish samples, should I use the same form as for malware?
>(https://www.clamav.net/reports/malware)
>some time ago it contained selection list whether it's malware, phish, false
>positive.
>Now the page contains forms for malware and false positives - no phishes.
>
>I hope phishes are still to be detected :)
>
>side question: is it fine to strip sample of an e-mail of private data like
>recipient mail address, Received: headers etc?
On 08.02.18 18:54, Joel Esler (jesler) wrote:
>So, there's two things you can do here, I think. Phish can be submitted to
> ClamAV in the same way you submit malware. Phish can also be sent in to
> phishtank.com (also a project ran by my team) which
> allows community voting on phish to product a blacklist for users to use.
so, phish samples to clamav, URLs to phishtank.com.
what about stripping private information, like recipients and Received:
headers - it that fine?
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
More information about the clamav-users
mailing list