On 2009-01-07 19:49, John Horne wrote: > Hello, > > I'm new to clamav, and using 0.94.2. It seems that the clamscan command > no longer recognises the '--phishing-strict-url-check' option. However, > I can find no mention of it being removed in the Changelog file (I can > find an entry that indicates it's name was changed from something else, > so it obviously did exist before). > >
It was dropped, as strict is the default. > Additionally, the current 'Phishing signatures creation HOWTO' document > makes reference to a contributed script called 'why.py' (in section > 3.3.1). This script too does not seem to be present with 0.94.2. I got a > copy of the script from elsewhere, but it uses the above clamscan > option. > It is in contrib/phishing/, I haven't updated the script in a while though. > At the moment I have an MTA which just logs whatever clamav finds. > However, given something like 'Phishing.Heuristics.Email.SpoofedDomain', > I wanted to know what it actually was that clamav was checking to cause > this result. So, the HOWTO document mentioned about finding out why > false-positives were flagged as such (using the why.py) script, but, as > mentioned, that script seems to now use an unknown CLI option. Is there > any other way to find out what actual tests are being done? > clamscan --debug, and look for urls there. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
