On 10/3/06, Robert Allerstorfer <[EMAIL PROTECTED]> wrote:
Hi,
Reading phishsigs_howto.pdf from the latest snapshot tarball, it says
that each line must consist of *three* fields, in the form
Flags RealURL DisplayedURL
Is there an updated documentation where the two-fields form will be
explained?
There will be changes to the .pdb/.wdb format, and after that the
documentation will be updated.
For now the only change is: The two-field form, is valid only for type
'H', and means:
match the host part of realURL, i.e. displayedURL can be anything.
(2) How can yet undetected phishings be submitted to the project?
Submit a sample: http://cgi.clamav.net/sendvirus.cgi, following the
rules on that page.
(3) The phishsigs_howto.pdf states if loading of the whitelist
database (daily.wdb) fails, the phishing checks will be disabled
entirely. However, there is no .wdb at all in the current .cvd, so how
gets the white list really involved?
Currently there is no whitelist, but phishing checks will still be
done: the loading doesn't fail , because there is nothing to load ;)
Best regards,
Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
