So, there's two things you can do here, I think. Phish can be submitted to ClamAV in the same way you submit malware. Phish can also be sent in to phishtank.com<http://phishtank.com> (also a project ran by my team) which allows community voting on phish to product a blacklist for users to use.
-- Joel Esler | Talos: Manager | [email protected]<mailto:[email protected]> On Feb 8, 2018, at 3:52 AM, Matus UHLAR - fantomas <[email protected]<mailto:[email protected]>> wrote: Hello, when submitting phish samples, should I use the same form as for malware? (https://www.clamav.net/reports/malware) some time ago it contained selection list whether it's malware, phish, false positive. Now the page contains forms for malware and false positives - no phishes. I hope phishes are still to be detected :) side question: is it fine to strip sample of an e-mail of private data like recipient mail address, Received: headers etc? -- Matus UHLAR - fantomas, [email protected]<mailto:[email protected]> ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton _______________________________________________ clamav-users mailing list [email protected]<mailto:[email protected]> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
