Re: [Clamav-devel] Removal of clamscan's --no-phishing-restrictedscan option
On Thu, 02 Oct 2008, 22:16 GMT+03 Török Edwin wrote: Indeed, --phishing-ssl and --phishing-cloak should work even if the host is not in the .pdb and display the proper name. I fixed this is in SVN r4220, and will be part of 0.94.1 (bug #1211). You can have a look at these files, and scan it with a .pdb containing a 'H:example.com' line: http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-clean http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-cloak http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-ssl I've added these to the unit test too (check_clamscan.sh). Thanks a lot for the quick fix. I can confirm that the latest SVN version now works fine (in contrast to 0.94 and 0.93*): [EMAIL PROTECTED] ~]# clamscan --phishing-cloak --phishing-ssl /root/clamav-devel-r4225/unit_tests/input/phish-test-* /root/clamav-devel-r4225/unit_tests/input/phish-test-clean: OK /root/clamav-devel-r4225/unit_tests/input/phish-test-cloak: OK /root/clamav-devel-r4225/unit_tests/input/phish-test-ssl: OK --- SCAN SUMMARY --- Known viruses: 436556 Engine version: 0.94 Scanned directories: 0 Scanned files: 3 Infected files: 0 Data scanned: 0.00 MB Time: 1.803 sec (0 m 1 s) [EMAIL PROTECTED] ~]# clamscan-devel-20081004 --phishing-cloak --phishing-ssl /root/clamav-devel-r4225/unit_tests/input/phish-test-* /root/clamav-devel-r4225/unit_tests/input/phish-test-clean: OK /root/clamav-devel-r4225/unit_tests/input/phish-test-cloak: Phishing.Heuristics.Email.Cloaked.Null FOUND /root/clamav-devel-r4225/unit_tests/input/phish-test-ssl: Phishing.Heuristics.Email.SSL-Spoof FOUND --- SCAN SUMMARY --- Known viruses: 436556 Engine version: devel-20081004 Scanned directories: 0 Scanned files: 3 Infected files: 2 Data scanned: 0.00 MB Time: 1.708 sec (0 m 1 s) [EMAIL PROTECTED] ~]# clamscan-devel-20081004 /root/clamav-devel-r4225/unit_tests/input/phish-test-* /root/clamav-devel-r4225/unit_tests/input/phish-test-clean: OK /root/clamav-devel-r4225/unit_tests/input/phish-test-cloak: OK /root/clamav-devel-r4225/unit_tests/input/phish-test-ssl: OK --- SCAN SUMMARY --- Known viruses: 436556 Engine version: devel-20081004 Scanned directories: 0 Scanned files: 3 Infected files: 0 Data scanned: 0.00 MB Time: 1.698 sec (0 m 1 s) Best, rob. ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: [Clamav-devel] Removal of clamscan's --no-phishing-restrictedscan option
On 2008-10-02 10:25, Robert Allerstorfer wrote: Hi, clamscan 0.94 is the first version after 0.9 where the --no-phishing-restrictedscan option is no more mentioned in the output of 'clamscan -h'. However, that option has in fact been removed earlier - at least in the 0.93.x versions that option just did nothing when specified. So now, there are only the options --phishing-ssl and --phishing-cloak remaining if someone wants a higher detection rate of *possible* phishings. However, using them did not make any difference in my tests as without them. Edwin's mbox test file from https://wwws.clamav.net/bugzilla/attachment.cgi?id=141 will always be detected as Phishing.Heuristics.Email.SpoofedDomain, no matter which options are set or not. Could someone please give any sample that demonstrates the --phishing-* options? Indeed, --phishing-ssl and --phishing-cloak should work even if the host is not in the .pdb and display the proper name. I fixed this is in SVN r4220, and will be part of 0.94.1 (bug #1211). You can have a look at these files, and scan it with a .pdb containing a 'H:example.com' line: http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-clean http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-cloak http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-ssl I've added these to the unit test too (check_clamscan.sh). Best regards, --Edwin ___ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
