On 02/13/2012 04:01 PM, Matus UHLAR - fantomas wrote: >> On Mon, Feb 13, 2012 at 12:15:02PM +0100, Matus UHLAR - fantomas wrote: >>> What I need is to pass phishes sent to one particular address >>> (abuse@, since we should knnow when our customers send phishes) > > On 13.02.12 13:45, Henri Salo wrote: >> You might be looking for these arguments of clamscan. You can also control >> this in clamd.conf. Default is marked as "(*)". > > I am not looking for any currently existing arguments to clam(d)scan nor > clamd. With them, the only possible way of checking for phishes etc is to > scan twice - once with phishingsignatures, once > without them. > > This is not nice no matter if I call clamscan (which takes long to load the > signature database), or clamd (would require 2 clamd processes running), or > combination of these two. >
Try --heuristic-scan-precedence=yes (similar clamd option exists too). It will cause ClamAV to stop and report on the first Heuristics.* match it finds. Phishing is part of Heuristics.* The default behaviour is 'no', so when it sees a Heuristics.* it keeps scanning and if a malware is found, then that is reported instead of the Heuristics. The problem is that Heuristics.* is not only phishing, but some other stuff as well. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
