Hi Steve, On Fri 18/Jul/2014 19:00:08 +0200 Steven Morgan wrote: > > Also, have a look at the document phishsigs_howto.pdf in the ClamAV docs/ > directory. It contains some info on identifying the reason for the phish > detection and on how to write whitelist signatures.
Hm... why.py doesn't seem to be up to date. But --debug still works. > You should be able to create a local whitelist, local.wdb for > example, and add that to your database directory rather than > modifying daily.wdb. Correct, thanks. If I create local.wdb having these three lines: M:www.facebook.com:www.sella.it M:plus.google.com:www.sella.it M:www.youtube.com:www.sella.it then the message is clean. daily.cld already contains similar lines, but it seems the bank change their html more quickly than database maintainers can cope with :-/ Note that I already know the sender is whitelisted by DNSWL by the time I scan. However, keeping two engines, one of which is loaded without phishing signatures would seem to be overkilling, no? Any other idea? Ale _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
