On 2008-07-08 10:29, Victor Sudakov wrote: > Matus UHLAR - fantomas wrote: > >>> I upgraded ClamAV from 0.91.2 to 0.93.1 and found out that the >>> PhishingRestrictedScan option is gone. >>> >>> I have always used PhishingRestrictedScan=no, how can I have the same >>> behaviour in 0.93.1? I don't mind some FPs because of this setting. >>> >> I don't remember exactly what did it do, >> > > PhishingRestrictedScan BOOL > Use phishing detection only for domains listed in the .pdb data- > base. It is not recommended to have this option turned off, > because scanning of all domains may lead to many false posi- > tives! > Default: yes > > > >> but are currenc Phish* settings insufficient to you? >> > > Yes, they are insufficient. I have always had PhishingRestrictedScan=no > and ClamAV did a good job of catching phishing in all domains, not > only those listed in the database.
You can obtain the functionality of PhishingRestrictedScan=no by listing all top level domains in a .pdb file, like so: H:com H:ru .... However keep in mind that this causes many false positives (especially legit newsletters are considered phishing as well). > After the upgrade, my users started > receiving many phishing mails from some .ru domains: > > # grep -a ^H /var/db/clamav/daily.cld | grep -c "\.ru" > 0 Please submit a sample: http://www.clamav.org/sendvirus/ Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
