On Fri, 4 Aug 2023, Scott via clamav-users wrote:

I was looking for a way to write my own detection mechanisms. I know I can
detect binary files by creating signatures with sigtool, but this JavaScript
can change like one character and the signature would be off.

I'm thinking something more generic, like all JavaScript in attachments
should be deemed phishing, would be better at this.

-----Original Message-----
Any way to flag all JavaScript from attached HTML files?

IIRC, long ago I used PUA filtering to exclude emails containing PDFs with
JavaScript and/or Flash. Thus
        https://docs.clamav.net/faq/faq-pua.html
might help.

clamd.conf does have option "ScanHTML" which doesn't do what you want
but may help if you are not using it already.

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk