Greetings,

Can someone please tell me how ClamAV goes about phishing detection? I presume
it has something to do with libcurl going out to a web site and some checks
being performed on whatever is returned.

We have had several phishes get through -- most appear to be Google, About, or
eBay redirects, such as:

href="http://www.google.com/url?sa=U&q=http://81.196.204.130:82/webscr/index.php"

(A PayPal phish.)

Sites were hot at the time the messages were received, so either my concept of
how ClamAV blocks phishing is wrong or the detection method is not as generic
as I would have thought.

Also, I would add that I have submitted a few of these phishes to ClamAV's
virus submission and they all seem to get discarded without comment.

Any info appreciated!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
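
The redirect pattern quoted in the message above can be examined statically, without fetching the link. The following is an added example, not part of the original post and not ClamAV's own detection logic; the function names, the depth limit and the reason labels are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

MAX_DEPTH = 5  # assumption: upper bound on nested redirector layers to unwrap


def unwrap(url, depth=0):
    """Return the innermost http(s) URL carried in a query parameter of url."""
    if depth >= MAX_DEPTH:
        return url
    # parse_qsl percent-decodes values, so q=http%3A%2F%2F... is handled too.
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            return unwrap(value, depth + 1)
    return url


def assess(href):
    """Return (final_url, reasons) for a link taken from a message body."""
    final = unwrap(href)
    parts = urlsplit(final)
    reasons = []
    if final != href:
        # The visible host is only a redirector; the real target is inside.
        reasons.append("redirect-wrapped")
    try:
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("ip-literal-host")
    except ValueError:
        pass  # hostname is a DNS name (or missing), not an IP literal
    try:
        port = parts.port
    except ValueError:
        port = None
        reasons.append("malformed-port")
    default = {"http": 80, "https": 443}.get(parts.scheme)
    if port is not None and port != default:
        reasons.append("non-default-port")
    return final, reasons


if __name__ == "__main__":
    # The href quoted in the message above.
    sample = "http://www.google.com/url?sa=U&q=http://81.196.204.130:82/webscr/index.php"
    print(assess(sample))
```
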