Still no reply on this matter. On Fri, Dec 7, 2018 at 6:17 PM Sunny Marwah <sunnymar...@trepup.com> wrote:
> Hi Al Varnell, > > Below is the URL which was mentioned in HTML template : > > https://gokdenizhealthtourism.com/js/logo2.gif > > Chrome don't open it due to labeling it dangerous in as per > "Safebrowsing". Then why ClamAV is not able to identify when "Safebrowsing" > option is already enabled ?? > > Looking to hear from you on this. > > Regards > Sunny > > On Fri, Dec 7, 2018 at 5:50 PM Al Varnell <alvarn...@mac.com> wrote: > >> If you won't provide the URL to the rest of us users, then we can't help >> you. You'll have to wait to see if the development team gets back to you. >> >> -Al- >> >> On Fri, Dec 07, 2018 at 04:10 AM, Sunny Marwah wrote: >> >> Hi Al Varnell, >> >> I have already gone through https://www.clamav.net/documents/safebrowsing >> . >> >> That URL i have already shared with one of ClamAV development team members >> >> I did not understand your point what you said --- "You will probably need >> to obfuscate it in order to get it through the mail system, something like >> httx://....". >> >> My purpose behind using ClamAV is to scan Linux server and plus HTML >> templates which we regularly receive on server. >> >> And the reason behind using "Safebrowing" option is to detect deceptive, >> Phishing URL's in HTML templates in the same way as Chrome warns us before >> opening such URL's. I want ClamAV to detect such files as "Infected" which >> contain deceptive, Phishing URL's. >> >> Waiting for your quick and needful response. >> >> Regards >> Sunny >> >> On Fri, Dec 7, 2018 at 5:22 PM Al Varnell <alvarn...@mac.com> wrote: >> >>> Have your read the explanation at < >>> https://www.clamav.net/documents/safebrowsing>? >>> >>> Please provide the phishing URL that is failing. You will probably need >>> to obfuscate it in order to get it through the mail system, something like >>> httx://.... >>> >>> -Al- >>> >>> On Fri, Dec 07, 2018 at 03:17 AM, Sunny Marwah wrote: >>> >>> Hello Micah & Team, >>> >>> Have not received any response on my last email. >>> >>> Also, i have enabled Safebrowsing option in freshclam.conf as suggested >>> by you. >>> >>> Still i can see that ClamAV is not working properly. There is one file >>> placed on server and there is one phishing URL available in that file. That >>> URL is so deceptive that Chrome is not letting us open that URL due to >>> labeling it as "Deceptive" URL. >>> >>> Why ClamAV is still not able to find that file as "Infected" in scanning >>> even after enabling "Safebrowsing" option ?? >>> >>> Waiting for your quick and needful response. >>> >>> Regards >>> Sunny >>> >>> On Thu, Dec 6, 2018 at 4:41 PM Sunny Marwah <sunnymar...@trepup.com> >>> wrote: >>> >>>> Hi Micah, >>>> >>>> Thanks for letting me know about enabling SafeBrowsing CVD option in >>>> ClamAV. >>>> >>>> Google safe browsing put a website in 3 categories mentioned below : >>>> 1 Secure >>>> 2 Info or Not secure >>>> 3 Not secure or Dangerous >>>> >>>> Curious to know how ClamAV will categorize the HTML file. Let's say, if >>>> any "Note secure or Dangerous" URL is found, will ClamAV will show it as >>>> infected file in scanning summary ? If this is the case, i guess in case >>>> "Secure" URL is found, it will show as OK. And what if URL is found as >>>> "Info or Not secure" ? >>>> >>>> Regards >>>> Sunny >>>> >>>> >>>> On Thu, Dec 6, 2018 at 3:19 PM Micah Snyder (micasnyd) < >>>> micas...@cisco.com> wrote: >>>> >>>>> It may be worth mentioning that in addition to the [optional] >>>>> SafeBrowsing CVD that you can choose to include, ClamAV has just started >>>>> including PhishTank signatures late last month. >>>>> >>>>> For those who curious, see https://lists.gt.net/clamav/virusdb/. >>>>> PhishTank signatures are prefixed with Phishtank.Phishing. >>>>> >>>>> >>>>> Micah Snyder >>>>> ClamAV Development >>>>> Talos >>>>> Cisco Systems, Inc. >>>>> >>>>> >>>>> On Dec 6, 2018, at 3:27 AM, Al Varnell <alvarn...@mac.com> wrote: >>>>> >>>>> Frankly, I'm surprised that ClamAV finds any such URL's. They are way >>>>> to dynamic (blacklisted one day and removed the next). ClamAV does malware >>>>> detection over the long haul and trying to keep up with fraudulent web >>>>> sites would be a full time job and better done by other means (e.g. Google >>>>> Safe Browsing). >>>>> >>>>> -Al- >>>>> >>>>> On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote: >>>>> >>>>> Hello Team, >>>>> >>>>> We are using clamav-0.100.2 to scan few HTML email templates. >>>>> >>>>> Sometimes, there are deceptive URL's mentioned in those templates and >>>>> that template should be detected as infected via ClamAV scan process. >>>>> >>>>> I can see weird output of ClamAV scan process. Sometimes it detect >>>>> such templates as infected and sometimes, it does not detect them as >>>>> infected. And the URL's i am talking about, are so deceptive that even >>>>> Google chrome browser don't let us open these URL's and show us clear >>>>> warning as "Dangerous" about deceptive website. >>>>> >>>>> Can you put your views behind such unpredictable behavior ? >>>>> >>>>> If you want then i can report such URL's on your malware link for >>>>> reporting. >>>>> >>>>> Regards >>>>> Sunny >>>>> >>>>> _______________________________________________ >>>>> clamav-users mailing list >>>>> clamav-users@lists.clamav.net >>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>>>> >>>>> >>>>> Help us build a comprehensive ClamAV guide: >>>>> https://github.com/vrtadmin/clamav-faq >>>>> >>>>> http://www.clamav.net/contact.html#ml >>>>> >>>>> >>>>> _______________________________________________ >>>>> clamav-users mailing list >>>>> clamav-users@lists.clamav.net >>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>>>> >>>>> >>>>> Help us build a comprehensive ClamAV guide: >>>>> https://github.com/vrtadmin/clamav-faq >>>>> >>>>> http://www.clamav.net/contact.html#ml >>>>> >>>> >>>> >>>> -- >>>> Regards >>>> Sunny >>>> System Engineer >>>> Mob : +91 9711155549 >>>> >>> >>> -Al- >>> -- >>> Al Varnell >>> Mountain View, CA >>> >>> >>> >>> >>> >>> _______________________________________________ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >> >> >> -Al- >> -- >> Al Varnell >> Mountain View, CA >> >> >> >> >> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > > > -- > Regards > Sunny > System Engineer > Mob : +91 9711155549 > > -- Regards Sunny System Engineer Mob : +91 9711155549
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml