On Tue, Dec 15, 2009 at 12:16:52PM +0200, Jari Fredriksson wrote: > > > On 9.12.2009 20:13, Török Edwin wrote: > > On 2009-12-07 19:21, Sundara Kaku wrote: > >> Hi, > >> > >> I have a special requirement where I want to scan downloaded pages from > >> website for phishing detection, ex: i use httracker to download a website > >> or > >> wget to download a particular website and i want scan that webpage for > >> phishing detection. I am using ClamAV 0.95.1/10117 i have the following > >> files under /var/lib/clamav folder > >> > >> main.cld > >> clamav-0980f9eff474c2c5b63601cd16a87374 > >> daily.cld > >> safebrowsing.cld > > > > Safebrowsing is only used for links sent in emails. But since you are > > scanning webpages, > > firefox should already check the URL against safebrowsing db. > > > >> mirrors.dat > >> the following are settings in clamd.conf > >> > >> PhishingSignatures true > >> PhishingScanURLs true > >> PhishingAlwaysBlockSSLMismatch false > >> PhishingAlwaysBlockCloak true > >> > > > > The heuristic phishing detector only works on html files inside mails, > > and most of the phishing signatures too. > > > > Right now there isn't any support for detecting a phishing website by > > scanning it, there is only support for detecting > > links to phishing websites in emails. > > > > The solution would be some web proxy like SafeSquid > http://www.safesquid.com/ > > It's not free, but it is there if needed.
How does that exactly help the OP finding phishes? Most of the signatures still only scan emails. Sure, for general http virus scanning you could use HAVP etc. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
