At 9:31 PM +0200 12/11/09, Török Edwin wrote:
On 2009-12-11 21:14, Tom Shaw wrote:
At 3:53 PM +0200 12/10/09, Török Edwin wrote:
>> On 2009-12-10 15:41, Sundara Kaku wrote:
The heuristic phishing detector only works on emails correctly, not
websites by design, hence there is no point
in running it on downloaded webpages. Why? Because a phishing email
contains a link <a href="...evilurl..."> email of banksite </a>,
a phishing website will contain a login form looking similar to a banksite.
These are very different things.
True, but we have seen phishing sites that start
with a front page that does contain links like <a
href="...evilurl..."> update you data </a> so
disabling the heuristic phishing detector would
be counter productive.
Safebrowsing was only used on links found in emails by design, links
found in other HTML files are not checked to improve performance,
and because there are other ways to protect web browsers from malicious
URLs listed in the safebrowsing DB in near realtime (for example firefox).
Again this doesn't help when scanning a server for planted files etc.
Possible these should be options for clamdscan
and clamscan for file based scanning?
Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
