Jonathan Bastien-Filiatrault wrote:
Hi,
I have recently enabled Google Safe Browsing on several of our servers
(we are a small spam filtering company). Many thousand mails go through
these servers each day. ClamAV shows that it now has many more
signatures (1464127+).
Not a single Google Safe Browsing hit was recorded in the ClamAV logs
over several days. My attempts to get a test URL to match have all
failed. The URL I am using for testing is
<http://malware.testing.google.test/testing/malware/>. This link, when
opened in Firefox warns that it is a malicious site. Mail scanning and
other relevant features are enabled.
I have attached the test email that does not match (but should).
Mailman ate the attachment, you may find the file here:
http://x2a.org/pub/misc/gsb.eml
ClamAV version:
ClamAV 0.96.1/11465/Fri Jul 30 07:43:50 2010
Enabled scanning features (as shown in clamd log):
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.
Phishing config in clamd.conf:
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
SafeBrowsing yes (in freshclam.conf)
Thanks,
Jonathan
------------------------------------------------------------------------
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
