No. A quick search reveals 2,884 signatures that contain "Phishing" and I'm sure there are others. Some are documents, some HTML, but most are e-mail. None are labeled "Heuristics", but it could be argued that some of them are.
-Al- On Wed, May 10, 2017 at 10:44 PM, crazy thinker wrote: > > @AI > > For Phishing Only, ClamAV uses Heuristics scanning ? > > On 11 May 2017 at 11:10, Al Varnell <[email protected]> wrote: > >> I could be wrong, but my impression has always been that ClamAV signatures >> target only Malware and Phishing, while Spam detection is all done using >> UNOFFICIAL sigs. >> >> Sent from Janet's iPad >> >> -Al- >> -- >> Al Varnell >> Mountain View, CA >> >> On May 10, 2017, at 10:11 PM, nobs wrote: >>> Hi, >>> >>> Am 01.05.2017 um 19:19 schrieb Kris Deugau: >>>> >>>> With third-party sets, you could walk through the signature names, and >>>> build some local scripting to split the datasets as you please - I've >>>> started to do this locally. >>> >>> Basically that is what I tried. Maybe I just looked at the wrong places. >>> Could you give me a hint where to put my fingers? >>> >>> To get an idea what I currently do in my email-server: >>> >>> 1) checking for spam with SpamAssassin, including some DNSBL and other >>> external ressources for such things; so I am quite sure I catched >>> everything "bad" from this perspective >>> >>> 2) checking the hash of all attachments against VirusTotal; so I am >>> quite sure I got all already known malware >>> >>> 3) checking against a local instance of ClamAV and submit all reports to >>> VirusTotal >>> >>> The point is now: I don't like to report files with spam to VirusTotal >>> because it is senseless and a wast of resources. >>> >>> Here are the scripts I wrote for that purpose, just in case someone is >>> interested: >>> >>> https://github.com/nobswolf/procmail2virustotal >>> >>> I just think it is a good thing to keep spam and viruses separated. So >>> at least the databases of ClamAV should get a kind of "flag" whether >>> they catch the one kind or the other. This would make it easier for >>> post-processing scripts do decide what to do with the results. >>> >>> What do you think? >>> >>> nobs >> _______________________________________________ >> clamav-users mailing list >> [email protected] >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > _______________________________________________ > clamav-users mailing list > [email protected] > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -Al- -- Al Varnell Mountain View, CA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
