[clamav-users] PhishingScanURLs no/yes
Paul
paul at netpresto.co.uk
Mon Aug 10 14:53:22 UTC 2020
On 10/08/2020 15:10, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Mon, 10 Aug 2020, Paul via clamav-users wrote:
>
>> Can anybody explain why when "PhishingScanURLs no" I get Loaded
>> 9042923 signatures in logs and when "PhishingScanURLs yes" I get
>> Loaded 11256306 signatures?
>>
>> I would have expected the difference to be the count of URLs in
>> daily.pdb (263) not 2,213,383. What else is not getting loaded when
>> "PhishingScanURLs no" is set?
>
> I suspect at least one fundamental misunderstanding. It isn't clear
> to me how you have reached the conclusion that the 'PhishingScanURLs'
> configuration option should have the effect which you describe (nor is
> it clear why you mention only 'daily.pdb'). ClamAV signatures have a
> complex structure. Without a good understanding of it, you'll find it
> difficult to work with them. Please see the documentation, especially
>
> http://www.clamav.net/documents/phishsigs#hints
>
> which should explain why the number of URLs which you have counted (by
> _whatever_ method) in any of the signature databases is not relevant
> to the observed difference in the numbers of signatures loaded.
>
> The entry for the 'PhishingScanURLs' configuration option in the man
> page for clamd.conf may also help.
>
> Apart from curiosity, is there some deeper reason behind the question
> such as memory consumption, performance, vulnerability, ...? It's a
> great deal more important to understand the limitations and potential
> downsides of enabling certain features than it is to count signatures.
> I'm tempted to say that a bare signature count is, to all intents and
> purposes, more or less meaningless.
>
Hi
Further digging has led me to find that when 'PhishingScanURLs no' is
set, the signatures in safebrowsing.cld are not loaded by clamd.
paule at larch:clamscan -d safebrowsing.cld /etc/hosts
/etc/hosts: OK
----------- SCAN SUMMARY -----------
Known viruses: 2213119
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 3.954 sec (0 m 3 s)
Thanks
Paul