On 2011-08-02 02:56, Al Varnell wrote: > On Jul 26, 2011, at 2:06 PM, Török Edwin <ed...@clamav.net> wrote: > >> On 07/26/2011 11:59 PM, Al Varnell wrote: >>> Is there something going on with subject infections? I see that it's listed >>> on the clamav home page as a "Current Threat". We got several users asking >>> about this in the ClamXav Forum (including a Linux user?) and I can't seem >>> to find it in the signature database any more. >>> >> >> It is an engine detection (actually it is >> Heuristics.Phishing.Email.SpoofedDomain). >> All engine detections are prefixed with 'Heuristics.'. >> >> This detection is for phishing emails, you can look in daily.pdb to see a >> list of 'protected' domains >> (i.e. if a phishing email targets one of those domains we should detect it). > > Thanks for that explanation, that helps a lot. > > Is there any reason why clamscan would be making such detections and clamd > not?
Maybe someone edited clamd.conf and turned off phishing detection? (PhishingScanURLs no). clamscan uses the default settings that can be overriden by command-line flags, it doesn't use the clamd.conf settings. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
