On 2008-10-02 10:25, Robert Allerstorfer wrote:
> Hi,
> clamscan 0.94 is the first version after 0.9 where the
> "--no-phishing-restrictedscan" option is no more mentioned in the
> output of 'clamscan -h'. However, that option has in fact been removed
> earlier - at least in the 0.93.x versions that option just did nothing
> when specified.
> So now, there are only the options "--phishing-ssl" and
> "--phishing-cloak" remaining if someone wants a higher detection rate
> of *possible* phishings. However, using them did not make any
> difference in my tests as without them. Edwin's mbox test file from
> https://wwws.clamav.net/bugzilla/attachment.cgi?id=141
> will always be detected as Phishing.Heuristics.Email.SpoofedDomain, no
> matter which options are set or not.
> Could someone please give any sample that demonstrates the
> --phishing-* options?

Indeed, --phishing-ssl and --phishing-cloak should work even if the host
is not in the .pdb and
display the proper name.

I fixed this is in SVN r4220, and will be part of 0.94.1 (bug #1211).

You can have a look at these files, and scan it with a .pdb containing a
'H:example.com' line:


I've added these to the unit test too (check_clamscan.sh).

Best regards,
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Reply via email to