T?r?k Edwin wrote: > > > >>> I upgraded ClamAV from 0.91.2 to 0.93.1 and found out that the > >>> PhishingRestrictedScan option is gone. > >>> > >>> I have always used PhishingRestrictedScan=no, how can I have the same > >>> behaviour in 0.93.1? I don't mind some FPs because of this setting. > >>> > >> I don't remember exactly what did it do, > >> > > > > PhishingRestrictedScan BOOL > > Use phishing detection only for domains listed in the .pdb data- > > base. It is not recommended to have this option turned off, > > because scanning of all domains may lead to many false posi- > > tives! > > Default: yes > > > > > > > >> but are currenc Phish* settings insufficient to you? > >> > > > > Yes, they are insufficient. I have always had PhishingRestrictedScan=no > > and ClamAV did a good job of catching phishing in all domains, not > > only those listed in the database. > > You can obtain the functionality of PhishingRestrictedScan=no by listing > all top level domains in a .pdb file, like so: > H:com > H:ru > ....
I get the idea, but the problem is there is no separate .pdb file in 0.93.1, everything is inside the .cld container. Can I include my own .pdb files? > > However keep in mind that this causes many false positives (especially > legit newsletters are considered phishing as well). > > > After the upgrade, my users started > > receiving many phishing mails from some .ru domains: > > > > # grep -a ^H /var/db/clamav/daily.cld | grep -c "\.ru" > > 0 > > Please submit a sample: http://www.clamav.org/sendvirus/ I will, but phishers work faster. It is one of the cases when heuristics is better than a database. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:[EMAIL PROTECTED] _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
