Noel Jones wrote: > Darren G Pifer wrote: >> Chambers, Phil wrote: >>> Take a look at >>> >>> http://iserv.rs-hilter.de/doc/clamav-0.91.2/signatures.pdf >>> >> I have seen this document but it does not show how to add signatures >> to a database OR for clamd to detect the phishing e-mail. I was able >> to create the signature (a .hbd file) and clamscan detects the phishing >> but clamd does not. Maybe I am missing something. >> > > If the sig works with clamscan, it will also work with clamdscan. > Clamd must be stopped and restarted to recognize new signature > files. > > Make sure you have the latest version of clamav. > >
I think there are times when a milter might pull an incoming message apart and submit it in pieces to clamd that creates a different situation than scanning a message that is whole, and stored as a disk file. In this case two entirely different objects are being scanned, and depending on the way the signature was defined, there can be differences in the results. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
