[clamav-users] Google safebrowsing types and usage questions

Joel Esler (jesler) jesler at cisco.com
Sat Oct 17 12:40:19 UTC 2020


That documentation lives here: https://github.com/Cisco-Talos/clamav-faq/blob/master/faq/faq-safebrowsing.md

A pull request will allow me to review and approve.  

Sent from my  iPhone

> On Oct 17, 2020, at 07:56, Iulian Stan via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> 
> Hi Ged,
> 
> Yes, the definition that you can download via freshclam directly from the clamav site is outdated (from 2019).
> 
> You need to use https://github.com/Cisco-Talos/clamav-safebrowsing
> 
> My way to implement this was quite simple and I also took advantage of freshclam.
> 
> On one central system I've installed python/mysql/(other python libraries needed) and copy the generated clamav db to a place which is accessible via http/https.
> Then on every clamav server I've simply added to the freshclam config: DatabaseCustomURL https://blabla.domain.tld/safebrowsing.gdb
> 
> I expected to have more hits because nowadays most of these URLs are used for phishing.
> 
> 
> Sent from my Samsung Galaxy smartphone.
> 
> 
> -------- Original message --------
> From: "G.W. Haywood via clamav-users" <clamav-users at lists.clamav.net>
> Date: 10/17/20 13:39 (GMT+02:00)
> To: Iulian Stan via clamav-users <clamav-users at lists.clamav.net>
> Cc: "G.W. Haywood" <clamav at jubileegroup.co.uk>
> Subject: Re: [clamav-users] Google safebrowsing types and usage questions
> 
> Hi there,
> 
> On Sat, 17 Oct 2020, Iulian Stan via clamav-users wrote:
> > "G.W. Haywood via clamav-users" wrote:
> > 
> >> what's the best place to start?
> > 
> > Definitions are stored in mysql and only the delta is downloaded
> > from google. After the download is successful and the mysql data
> > is up-to-date you can generate the file for clamav.  Basically you
> > have two scripts: clamsbsync.py to update the mysql db from
> > google, and clamsbwrite.py to create the .gdb file ...
> 
> Thanks, that's a very clear explanation.  So instead of using freshclam
> you just need to install mysql, Python, and some scripts.  Hmmm...
> 
> > don't put too much faith in the safebrowsing database. I rarely have any
> > hit even if there are almost 3 million signatures. In contrast I
> > have way more hits with Sanesecurity.
> 
> Perhaps this DB would be more important for people who use on-access
> scanning and are less fastidious in their browsing habits.
> 
> -- 
> 
> 73,
> Ged.
> 
> _______________________________________________
> 
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
> 