On 2008-10-02 10:25, Robert Allerstorfer wrote: > Hi, > > clamscan 0.94 is the first version after 0.9 where the > "--no-phishing-restrictedscan" option is no more mentioned in the > output of 'clamscan -h'. However, that option has in fact been removed > earlier - at least in the 0.93.x versions that option just did nothing > when specified. > > So now, there are only the options "--phishing-ssl" and > "--phishing-cloak" remaining if someone wants a higher detection rate > of *possible* phishings. However, using them did not make any > difference in my tests as without them. Edwin's mbox test file from > https://wwws.clamav.net/bugzilla/attachment.cgi?id=141 > will always be detected as Phishing.Heuristics.Email.SpoofedDomain, no > matter which options are set or not. > > Could someone please give any sample that demonstrates the > --phishing-* options? >
Indeed, --phishing-ssl and --phishing-cloak should work even if the host is not in the .pdb and display the proper name. I fixed this is in SVN r4220, and will be part of 0.94.1 (bug #1211). You can have a look at these files, and scan it with a .pdb containing a 'H:example.com' line: http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-clean http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-cloak http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-ssl I've added these to the unit test too (check_clamscan.sh). Best regards, --Edwin _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
