T?r?k Edwin wrote: > >>> > >>>>> I upgraded ClamAV from 0.91.2 to 0.93.1 and found out that the > >>>>> PhishingRestrictedScan option is gone. > >>>>> > >>>>> I have always used PhishingRestrictedScan=no, how can I have the same > >>>>> behaviour in 0.93.1? I don't mind some FPs because of this setting. > >>>>> > >>>>> > >>>> I don't remember exactly what did it do, > >>>> > >>>> > >>> PhishingRestrictedScan BOOL > >>> Use phishing detection only for domains listed in the .pdb data- > >>> base. It is not recommended to have this option turned off, > >>> because scanning of all domains may lead to many false posi- > >>> tives! > >>> Default: yes > >>> > >>> > >>> > >>> > >>>> but are currenc Phish* settings insufficient to you? > >>>> > >>>> > >>> Yes, they are insufficient. I have always had PhishingRestrictedScan=no > >>> and ClamAV did a good job of catching phishing in all domains, not > >>> only those listed in the database. > >>> > >> You can obtain the functionality of PhishingRestrictedScan=no by listing > >> all top level domains in a .pdb file, like so: > >> H:com > >> H:ru > >> .... > >> > > > > I get the idea, but the problem is there is no separate .pdb file in > > 0.93.1, everything is inside the .cld container. Can I include my own > > .pdb files? > > > > You can put your own .pdb file into clamav's DB dir, and it should be > loaded automatically.
Great news! Thank you very much! Worked for me. Now the sample mails I have collected are detected as Phishing.Heuristics.Email.SpoofedDomain -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:[EMAIL PROTECTED] _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
