On Tue, 30 Nov 2010 17:46:49 +0800 Tony Zhai <tonyz...@gmail.com> wrote:
> I have three questions about Heuristic Scan in ClamAV.
> 1. What type of file will be scanned as a Heuristic scan?

All engine detections (as opposed to signature-based) are prefixed with Heuristics.

> 2. How can I configure the Heuristic function with enable or disable?

Depends on category, you can enable/disable these in clamd.conf:

ArchiveBlockEncrypted:
  Heuristics.Encrypted.RAR
  Heuristics.Encrypted.Zip

OLE2BlockMacros:
  Heuristics.OLE2.ContainsMacros

PhishingScanURLs:
  Heuristics.Phishing.Email
  Heuristics.Phishing.Email.Cloaked.Null
  Heuristics.Phishing.Email.Cloaked.NumericIP
  Heuristics.Phishing.Email.Cloaked.Username
  Heuristics.Phishing.Email.SpoofedDomain
  Heuristics.Phishing.Email.SSL-Spoof
  Heuristics.Phishing.URL.Blacklisted

SafeBrowsing (freshclam.conf):
  Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
  Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net

StructuredDataDetection:
  Heuristics.Structured.CreditCardNumber
  Heuristics.Structured.SSN

AlgorithmicDetection:
  Heuristics.Exploit.W32.MS04-028
  Heuristics.Exploit.W32.MS05-002
  Heuristics.PDF.ObfuscatedNameObject
  Heuristics.Trojan.Swizzor.Gen
  Heuristics.W32.Kriz
  Heuristics.W32.Magistr.A
  Heuristics.W32.Magistr.A.dam
  Heuristics.W32.Magistr.B
  Heuristics.W32.Magistr.B.dam
  Heuristics.W32.Parite.B
  Heuristics.W32.Polipos.A
  Heuristics.Worm.Mydoom.M.log

> 3. How can I get some files that can test the Heuristic function?

Depends on category again. For Heuristics.Encrypted.RAR you can create an encrypted file yourself.
Which one do you want to test?

Best regards,
--Edwin
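
Added example (not part of the original message and not ClamAV's own code): a small Python triage helper that maps detection names in clamscan-style "FOUND" lines to the option named in the list above and reports how that option is set in a supplied config text. The sample log, paths and config are constructed, and treating every other Heuristics. name as AlgorithmicDetection is an assumption.

```python
import re

# Detection-name prefix -> (config file, option), from the list in the reply above.
# Assumption: any other "Heuristics." name falls under AlgorithmicDetection.
PREFIX_TO_OPTION = [
    ("Heuristics.Encrypted.", ("clamd.conf", "ArchiveBlockEncrypted")),
    ("Heuristics.OLE2.", ("clamd.conf", "OLE2BlockMacros")),
    ("Heuristics.Phishing.", ("clamd.conf", "PhishingScanURLs")),
    ("Heuristics.Safebrowsing.", ("freshclam.conf", "SafeBrowsing")),
    ("Heuristics.Structured.", ("clamd.conf", "StructuredDataDetection")),
    ("Heuristics.", ("clamd.conf", "AlgorithmicDetection")),
]
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<name>\S+) FOUND$")

# Constructed sample inputs (not from the original message).
SAMPLE_CLAMD_CONF = "# local policy\nArchiveBlockEncrypted yes\nPhishingScanURLs\tyes\n"
SAMPLE_LOG = """\
/srv/mail/a.zip: Heuristics.Encrypted.Zip FOUND
/srv/mail/b.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND
/srv/mail/c.exe: Heuristics.W32.Parite.B FOUND
/srv/mail/d.com: Eicar-Test-Signature FOUND
/srv/mail/e.txt: OK
"""

def parse_conf(text):
    """Return {option: value} for 'Option value' lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def controlling_option(name):
    """Map a detection name to (file, option); None for signature-based names."""
    for prefix, target in PREFIX_TO_OPTION:
        if name.startswith(prefix):
            return target
    return None

def triage(log_text, confs):
    """Return (path, detection, file, option, configured value) per heuristic hit."""
    rows = []
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.strip())
        target = controlling_option(m["name"]) if m else None
        if target:  # skips OK lines and signature-based detections
            value = parse_conf(confs.get(target[0], "")).get(target[1], "unset")
            rows.append((m["path"], m["name"], *target, value))
    return rows
```

A value of "unset" means the option does not appear in the supplied config text, so the engine default for the installed version applies.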