[clamav-users] submitting phish samples - stripped
Joel Esler (jesler)
jesler at cisco.com
Mon Feb 12 15:08:00 UTC 2018
Generally speaking, it's better for us to have as much detail as possible. Samples that you submit through the website (either one) are not shared with partners (unless you check the "share with partners" checkbox)
--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>
On Feb 11, 2018, at 7:16 AM, Matus UHLAR - fantomas <uhlar at fantomas.sk<mailto:uhlar at fantomas.sk>> wrote:
On Feb 8, 2018, at 3:52 AM, Matus UHLAR - fantomas <uhlar at fantomas.sk<mailto:uhlar at fantomas.sk><mailto:uhlar at fantomas.sk>> wrote:
when submitting phish samples, should I use the same form as for malware?
(https://www.clamav.net/reports/malware)
some time ago it contained selection list whether it's malware, phish, false
positive.
Now the page contains forms for malware and false positives - no phishes.
I hope phishes are still to be detected :)
side question: is it fine to strip sample of an e-mail of private data like
recipient mail address, Received: headers etc?
On 08.02.18 18:54, Joel Esler (jesler) wrote:
So, there's two things you can do here, I think. Phish can be submitted to
ClamAV in the same way you submit malware. Phish can also be sent in to
phishtank.com<http://phishtank.com> (also a project ran by my team) which
allows community voting on phish to product a blacklist for users to use.
so, phish samples to clamav, URLs to phishtank.com<http://phishtank.com>.
what about stripping private information, like recipients and Received:
headers - it that fine?
--
Matus UHLAR - fantomas, uhlar at fantomas.sk<mailto:uhlar at fantomas.sk> ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list