On 02/13/2012 04:01 PM, Matus UHLAR - fantomas wrote:
I am not looking for any currently existing arguments to clam(d)scan
nor clamd. With them, the only possible way of checking for phishes
etc is to scan twice - once with phishingsignatures, once without
them.
This is not nice no matter if I call clamscan (which takes long to
load the signature database), or clamd (would require 2 clamd
processes running), or combination of these two.
On 13.02.12 16:12, Török Edwin wrote:
Try --heuristic-scan-precedence=yes (similar clamd option exists too).
It will cause ClamAV to stop and report on the first Heuristics.* match it
finds. Phishing is part of Heuristics.*
Didn't know that...
The default behaviour is 'no', so when it sees a Heuristics.* it keeps scanning
and if a malware is found,
then that is reported instead of the Heuristics.
The problem is that Heuristics.* is not only phishing, but some other stuff as
well.
That's it. Possibility to continue scanning after malware has been
found is also important. Especially if it was found by heuristics which
some may not trust... not that I don't.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
