On 8/14/2010 5:30 AM, Török Edwin wrote:
Heuristics.Phishing.* will not stop the scan, and report only if nothing else is found. Other engine detections could be changed to behave the same way. Signature based detections however always stop on first match, and that is not configurable. If you want to ignore certain signature categories, it is best to not load them in the first place. To do that you can unpack the DBs, and remove the sigs you don't want.
What I'm trying to do is let the user decide whether to enable a specific category, so removing the signatures from the database isn't an option for me. For awhile now, our users have been able to use the preferences portal on our website to enable/disable malware checks and/or phishing checks. The malware category is usually a reliable reason to send a message to the bit bucket. While the latter Phishing/Heuristic/Joke categories are more likely to generate a false positive. Perhaps its just me, but I would consider the ability to reliably determine what ClamAV found important.
-- Ladar Levison Lavabit LLC http://lavabit.com _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
