Re: [clamav-users] Grizzly Steppe

2017-01-04 Thread TR Shaw
I have offered sigs to ClamAV official but have heard nothing back yet. > On Jan 4, 2017, at 6:52 PM, Eric Tykwinski wrote: > > This was my concern about Cisco’s AMP product on ASA’s and NGIPS’s. I’m > going to be beta testing stuff out shortly, but don’t have high

Re: [clamav-users] Grizzly Steppe

2017-01-04 Thread TR Shaw
gainst a virgin ClamAV > signature database to answer the question? I'd be happy to if there are > samples I can access. > > -Al- > > On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote: >> >> I added detection in winnow_extended_malware.hdb which is distributed is th

Re: [clamav-users] Grizzly Steppe

2017-01-04 Thread TR Shaw
I added detection in winnow_extended_malware.hdb which is distributed in the sanesecurity feed the day after the JAR was released. I also searched for the RAT and added signatures for that as well in winnow_malware_links.ndb. Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE. Tom >

[clamav-users] Question on attachments

2016-12-12 Thread TR Shaw
How does ClamAV decide to unpack an attachment? In particular this is in reference to the recent Locky attachments that are zips but have the attachment extension “dip” ___ clamav-users mailing list clamav-users@lists.clamav.net

Re: [clamav-users] Problems with safe browsing

2016-11-11 Thread TR Shaw
You missed my point. It was a shame that safe browsing sigs only for of files that look like email. > On Nov 11, 2016, at 12:43 AM, Gene Heskett <ghesk...@shentel.net> wrote: > > On Thursday 10 November 2016 17:45:24 TR Shaw wrote: > >> Thanks, all. >>

Re: [clamav-users] Problems with safe browsing

2016-11-10 Thread TR Shaw
eve > Twitter: @sanesecurity > > > > On 10 November 2016 19:53:05 TR Shaw <ts...@oitc.com> wrote: > >> I have freshclam set to load safe browsing: >> >> -rw-r--r-- 1 _clamav admin 57874944 Nov 10 11:51 daily.cld >> -rw-r--r-- 1 _clamav ad

[clamav-users] Problems with safe browsing

2016-11-10 Thread TR Shaw
I have freshclam set to load safe browsing: -rw-r--r-- 1 _clamav admin 57874944 Nov 10 11:51 daily.cld -rw-r--r-- 1 _clamav admin 103419904 Nov 10 13:51 safebrowsing.cld I placed http://ianfette[.]org/ in a file safebrowsingtest.txt Then I run clam and expect to hit safe browsing but I

Re: [clamav-users] Scanning very large files in chunks

2016-08-12 Thread TR Shaw
Actually there is always a probability that a detection will not occur if you break apart a file into pieces. This is due to the following 1) md5 signatures based upon any file type are applied on any file and match to the md4 hash of that file AND the file’s size. If you break apart a file,

Re: [clamav-users] ClamAV and DoD Approval

2016-07-12 Thread TR Shaw
Actually they approved ClamAV for use in CI PL 4 & 5 since mid 2000s iPhone says hi! > On Jul 12, 2016, at 5:55 PM, Albrecht, Thomas C > wrote: > > Hi, > > > > I'm hoping someone on this list can answer this question. I work as a > defense contractor, and one

[clamav-users] Clam & safe browsing question/problem

2016-05-22 Thread TR Shaw
The following is safebrowsing’s test host name, malware.testing.google[.]test, and using google’s test page https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=malware.testing.google[.]test shows that it is listed. I have enabled safebrowsing in freshclam.conf and

Re: [clamav-users] ClamAV - References

2016-04-18 Thread TR Shaw
You should remind your security dept that ClamAV is owned and maintained by Cisco. > On Apr 18, 2016, at 11:13 AM, Retailleau, Damien (GE Capital) > wrote: > > Hi ClamAV users, > > We are, at GEMB France, currently looking for a solution to scan files upload > on

Re: [clamav-users] winnow FP

2016-04-14 Thread TR Shaw
Removed when I saw the original message > On Apr 14, 2016, at 3:22 AM, Paul Whelan wrote: > > On 13 Apr 2016 at 11:20, Alex wrote: > >> Hi, >> >> I don't understand why themastersbaker.com would be tagged? >> >> # sigtool --find-sigs winnow.spam.ts.untyped.966134 |

Re: [clamav-users] 800-53 (Rev. 4) Question {the first}

2016-01-29 Thread TR Shaw
ClamAV does provide for heuristic detection and its normal ruleset includes heuristic rule as does the UNOFFICIAL feeds. It meets the mail for NIST as well as DCID (and its followon regs) Tom > On Jan 29, 2016, at 7:01 AM, Brad Scalio wrote: > > Can anyone answer the mail on

Re: [clamav-users] just a little help please

2015-07-24 Thread TR Shaw
On Jul 23, 2015, at 9:26 PM, Al Varnell alvarn...@mac.com wrote: On Thu, Jul 23, 2015 at 05:28 PM, phoenixcomm wrote: I am new to clamAV so be gentle. the Tk interface is very nice but I have a problem you have only 2 choices to scan home or everything. you need to add other dir as

Re: [clamav-users] ClamAV® blog: ClamAV 0.99b Meets YARA!

2015-06-05 Thread TR Shaw
Steve I have my own yara rules. Are you going to accept them for rsync? Tom On Jun 5, 2015, at 11:02 AM, Steve Basford steveb_cla...@sanesecurity.com wrote: On Wed, June 3, 2015 8:02 pm, Joel Esler (jesler) wrote: ClamAV 0.99b Meets YARA! The first beta release of ClamAV 0.99 is now

[clamav-users] http://www.stats.clamav.net

2015-05-06 Thread TR Shaw
I originally signed on using gmail. However gmail no longer support OpenID 2. Per Google, OpenID 2.0 was replaced by OpenID Connect, and since April 20, 2015, no longer works for Google Accounts. OpenID 2.0 support was shut down in order to focus on the newer open standard OpenID Connect,

Re: [clamav-users] Blocking malicious URLs in a local database

2015-03-30 Thread TR Shaw
your.local.ndb file: signame.1:4:*: . bin2hex(http://bad.domain.com/path;) . \n; signame.2:5:*: . bin2hex(http://bad.domain.com/path;) . \n; On Mar 30, 2015, at 2:34 PM, Dave McMurtrie dav...@andrew.cmu.edu wrote: Hi, Hopefully someone here can steer me in the right

Re: [clamav-users] ClamXav and Compressed Files

2015-03-29 Thread TR Shaw
On Mar 29, 2015, at 1:45 AM, Dennis Peterson denni...@inetnw.com wrote: On 3/28/15 10:43 PM, Jinwon Lee wrote: Thanks for that. I guess ‘Hash Value’ refers to the ClamAV identifying the .dmg as a known file that contains virus/es. Jinwon That was the case too for password protected

Re: [clamav-users] ClamXav and Compressed Files

2015-03-29 Thread TR Shaw
On Mar 29, 2015, at 12:24 PM, G.W. Haywood cla...@jubileegroup.co.uk wrote: Hi there, On Sun, 29 Mar 2015, Denis Peterson wrote: ... I meant dd, not cpio. But that won't work either ... Does kpartx help? I use it for mounting bits of assorted disc images, mostly when I'm playing

Re: [clamav-users] url scanner

2014-12-18 Thread TR Shaw
You need to look into a content filter that can use spamhaus.ro and/or surbl.org DNS based RBLs. On Dec 18, 2014, at 9:40 AM, Steve Basford steveb_cla...@sanesecurity.com wrote: On Thu, December 18, 2014 2:29 pm, polloxx wrote: Since more and more malware is not attached to a mail but only

Re: [clamav-users] url scanner

2014-12-18 Thread TR Shaw
Sanesecurity's distribution of multiple sourced data (sanesecurity, CRDF, winnow and others) have url detections in them but you really need to add SURBL and Spamhaus' DBL in content filtering as well. On Dec 18, 2014, at 11:50 AM, Arnaud Jacques / SecuriteInfo.com webmas...@securiteinfo.com

Re: [clamav-users] Low detection rate

2014-03-03 Thread TR Shaw
Many use hxxp for http or [.] or dot for the period in the domain name. Tom On Mar 3, 2014, at 9:00 AM, Steve Hill wrote: On 03.03.14 13:49, Steve Basford wrote: I think a h t t p non-clickable link might have been wise though, just in case someone hasn't had their coffee yet and clicks

Re: [clamav-users] Low detection rate

2014-03-03 Thread TR Shaw
btw that one should have been detected by winnow (distributed in Steve's rsync feed) On Mar 3, 2014, at 9:03 AM, Larry Stone wrote: On Mar 3, 2014, at 7:49 AM, Steve Basford steveb_cla...@sanesecurity.com wrote: On 03.03.14 12:38, Dennis Peterson wrote: Did you just send a link to

Re: [clamav-users] Spam bounces from this list

2014-02-06 Thread TR Shaw
$ nslookup geneslinuxbox.net.multi.uribl.com Server: 10.0.1.1 Address:10.0.1.1#53 ** server can't find geneslinuxbox.net.multi.uribl.com: NXDOMAIN On Feb 6, 2014, at 4:48 PM, Dennis Peterson wrote: I'm not part of your problem or your solution. I don't own the TTL of the

[clamav-users] Submissions being rejected :-(

2014-01-21 Thread TR Shaw
This is the mail system at host si01.clam.sourcefire.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster If you do so, please include this problem report. You can

[clamav-users] My malware submissions are bouncing. Help!

2013-11-27 Thread TR Shaw
Any ideas? btw, Happy Thanksgiving! This is the mail system at host si01.clam.sourcefire.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster If you do so, please

Re: [clamav-users] Freshclam updates failing

2013-06-22 Thread TR Shaw
On Jun 22, 2013, at 8:52 AM, Denis McMahon wrote: On 22/06/13 04:10, Dennis Peterson wrote: On 6/21/13 5:45 AM, Denis McMahon wrote: appear to suggest that my dns is fine (these are included in the log). I have another machine on the LAN which updates fine. What do you get if you run

Re: [clamav-users] looking for Bill Landry b...@inetmsg.com

2013-04-04 Thread TR Shaw
On Nov 25, 2012, at 10:19 PM, Paul Wise wrote: Hi all, Bill Landry is the developer of clamav-unofficial-sigs and since I'm the Debian maintainer of that, I need to discuss some things with him but his domain inetmsg.com doesn't respond to HTTP or SMTP connections. Does anyone know what

Re: [clamav-users] [Clamav-users] Specify a watch folder for clamav

2012-12-06 Thread TR Shaw
Linux, bsd unix and MacOSX all support directory/folder changed actions. Tom On Dec 6, 2012, at 1:26 PM, Jari Fredriksson wrote: 06.12.2012 19:44, franckm kirjoitti: Is it possible to have clamd (clamav deamon) watch a specific folder (and only that one) and automatically scan the files as

Re: [clamav-users] SourceFire support - signature file updates

2012-11-27 Thread TR Shaw
On Nov 27, 2012, at 1:11 PM, Nigel Houghton wrote: On Nov 27, 2012, at 12:32 PM, Dennis Peterson denni...@inetnw.com wrote: Can we get a link to a SourceFire statement on the future of ClamAV? I just rolled it out to a very large enterprise and they won't be happy if this thing is

Re: [clamav-users] missed virus

2012-11-16 Thread TR Shaw
Hi winnow.attachments.hdb winnow_bad_cw.hdb winnow_malware_links.ndb Also work to stop these On Nov 15, 2012, at 4:55 PM, Steve Basford wrote: OK, I'm stumped as to why clamav-milter did not catch this virus. It was from this address, being masked as from UPS: File:

Re: [clamav-users] PCI-DSS Compliance

2012-11-08 Thread TR Shaw
It meets NIST's requirements (NIST Special Publication 800-53 and associated) and is running on NIST approved and DCID 6/3 approved systems. Tom On Nov 8, 2012, at 10:17 AM, Royce Williams wrote: On Wed, Nov 7, 2012 at 4:01 PM, Kaushal Shriyan kaushalshri...@gmail.com wrote: Is clamAV

[clamav-users] Bug 5543

2012-10-26 Thread TR Shaw
I don't mind if SourceFire decides they don't like my proposals or problem sets. But I do think it shows poor stewardship of clamav when on bugzilla and on mail lists there is not a peep of a response from SourceFire after 90 days. Either yea or nay. It's like they are ignoring bugzilla entries.

[clamav-users] Backchannel sample submittals.

2012-07-05 Thread TR Shaw
For years I have been feeding undetected samples directly to Luca and the clam AV team. Ever since the handover of personnel my submittal bounce! My submittal address was: redac...@unfiltered.clamav.net Any help would be appreciated. Tom ___ Help

Re: [clamav-users] Introducing the new ClamAV team

2012-06-22 Thread TR Shaw
On Jun 22, 2012, at 2:56 PM, Joel Esler wrote: Earlier this week we announced a new chapter for ClamAV with the departure of Tomasz Kojm, Alberto Wu, Luca Gibelli and Edwin Török. While we are sad to see them go, we are grateful for the contributions they have made and are committed to

Re: [clamav-users] False positive suspicion - Fax Server Plus

2012-05-08 Thread TR Shaw
On May 8, 2012, at 5:30 AM, Fajar A. Nugraha wrote: On Tue, May 8, 2012 at 4:18 PM, Al Varnell alvarn...@mac.com wrote: On 5/8/12 1:42 AM, Nicole Brown supp...@faxserverplus.com wrote: We got some reports from our customers said our website reported as Malware Site by Bitdefender. Here is

Re: [clamav-users] Virus information database?

2012-05-07 Thread TR Shaw
On May 7, 2012, at 8:35 PM, Pepijn Schmitz wrote: Hi Al, On 07-05-12 20:44, Al Varnell wrote: And is there no place where I can find more information about the trojan ClamAV thinks it is detecting? Surely there is more information than a hex string, somewhere? The only one that might

Re: [clamav-users] False positive submission page down (for a few days now)?

2012-04-19 Thread TR Shaw
On Apr 19, 2012, at 8:24 AM, Ralf Hildebrandt wrote: * Török Edwin ed...@clamav.net: On 04/19/2012 02:59 PM, Ralf Hildebrandt wrote: Is there an alternative way of submitting FP's? Are you using this page? http://www.clamav.net/lang/en/sendvirus/submit-fp/ Yep. Works here in

[clamav-users] Question on processing Jar files

2012-03-26 Thread TR Shaw
Does ClamAV treat .jar files in a similar fashion as to .zip's? eg. is the jar broken apart and then individual .class and other files get scanned as well? Looking into options for whiting signatures for these. TIA, Tom

[clamav-users] Bytecode 34 failed to run

2012-03-21 Thread TR Shaw
ClamAV 0.97.4/14681/Wed Mar 21 12:47:18 2012 Bytecode 34 failed to run Submitted to bugzilla as Bug 4629 Tom

[clamav-users] Bytecode runtime error

2012-01-18 Thread TR Shaw
$ clamdscan -V ClamAV 0.97.3/14323/Wed Jan 18 09:09:29 2012 LibClamAV Warning: Bytecode runtime error at line 0, col 0 LibClamAV Warning: [Bytecode JIT]: recovered from error LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error! LibClamAV Warning: Bytecode 36 failed to run:

[clamav-users] 0.97.3 compile on OSX 10. 6.8 with xcode 4.2

2011-10-19 Thread TR Shaw
Works fine for 32bit intel ./configure --enable-llvm --enable-clamdtop --with-user=_clamav --with-group=_clamav Under 0.97.2 it worked fine on 64 bit as well. Now it fails along with CFLAGS=-arch x86_64 CXXFLAGS=-arch x86_64 ./configure --enable-llvm --enable-clamdtop --with-user=_clamav

Re: [clamav-users] 0.97.3 compile on OSX 10.6.8 with xcode 4.2

2011-10-19 Thread TR Shaw
, TR Shaw wrote: Ideas? If you've got MacOS X 10.6.8, then you can't use Xcode 4.2-- that's for 10.7 or later: xcode42.tiff ClamAV 0.7.3 appears to compile and pass all self-checks under 10.6.8 using Xcode 4.0 (or 3.x also): make check-TESTS PASS: check_clamav PASS

Re: [clamav-users] Obfuscated IP address.

2011-09-19 Thread TR Shaw
On Sep 19, 2011, at 12:04 PM, Bowie Bailey wrote: On 9/19/2011 11:46 AM, Michael Orlitzky wrote: A hostname cannot be all digits and except when the IP is used there will be a TLD, so if you see a pattern such as http:// 123456789/ cgi-bin/innocent_code.pl (Ignore the spaces they are

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread TR Shaw
On Jun 29, 2011, at 6:04 AM, polloxx wrote: On Wed, Jun 29, 2011 at 11:45 AM, Henrik K h...@hege.li wrote: On Wed, Jun 29, 2011 at 12:27:46PM +0300, Mihamina Rakotomandimby wrote: On Wed, 29 Jun 2011 11:24:24 +0200 polloxx poll...@gmail.com wrote: Are there other user with the same

Re: [clamav-users] Virus not detected by Clamav

2011-06-29 Thread TR Shaw
On Jun 29, 2011, at 7:58 AM, polloxx wrote: On Wed, Jun 29, 2011 at 12:49 PM, Joel Esler jes...@sourcefire.com wrote: If you have a sample of the file, submitting it through ClamAV's submission interface makes it bubble up so the rule writers can get to it faster. (instead of waiting for

Re: [clamav-users] Compiling ClamAV for PPC on an Intel Machine

2011-06-02 Thread TR Shaw
On Jun 2, 2011, at 7:10 PM, Al Varnell wrote: On 6/2/11 3:37 PM, Russ Tyndall fitz...@redshanksoftware.com wrote: On Jun 2, 2011, at 2:31 PM, Al Varnell wrote: I'm sure I've seen answers to this question on ClamXav's forum http://markallan.co.uk/BB/viewforum.php?f=1 if you don't get an

Re: [clamav-users] FW: APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001

2011-03-29 Thread TR Shaw
On Mar 29, 2011, at 1:06 PM, Al Varnell wrote: On 3/29/11 6:29 AM, Russ Tyndall fitz...@redshanksoftware.com wrote: On Mar 27, 2011, at 2:31 AM, Al Varnell wrote: Some Mac users will recall that several months back we discussed the bzip2 bug and I filed a bug report with Apple when it

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-16 Thread TR Shaw
On Mar 16, 2011, at 1:31 PM, Russ Tyndall wrote: On Mar 15, 2011, at 7:10 PM, TR Shaw wrote: On Mar 15, 2011, at 4:48 PM, TR Shaw wrote: Look at your config file. You don't need to scan all more than probably 200KB of a file. So you are suggesting I use the MaxScanSize directive

Re: [clamav-users] Improving Scan Speeds on OS X.4.11

2011-03-15 Thread TR Shaw
Russ, Look at your config file. You don't need to scan all more than probably 200KB of a file. If you're using google; don't. It will help for email but probably will not help finding badness on a file server. Likewise with unofficials. Not all unofficials are appropriate for your application.

Re: [clamav-users] Can't compile 0.97 as 64-bit on Mac OS 10.5.8

2011-02-12 Thread TR Shaw
You have to set CXXFLAGS CFLAGS=-arch x86_64 CXXFLAGS=-arch x86_64 ./configure --enable-llvm --enable-clamdtop --with-user=_clamav --with-group=_clamav On Feb 12, 2011, at 9:16 AM, James Brown wrote: I have been compiling clamav all day with a great many combinations of options. No matter

Re: [clamav-users] Sophos Anti-Virus

2011-01-02 Thread TR Shaw
On Jan 2, 2011, at 7:12 PM, Bob Traktman wrote: Is there any reason not to keep ClamAv and Sophos Anti-Virus -- both active? None whatsoever. Defense in depth is a good thing. Tom

[clamav-users] When to run freshclam? Was Re: Updating of clam stats has stopped

2010-12-31 Thread TR Shaw
On Dec 31, 2010, at 2:25 AM, Török Edwin wrote: Actually in 0.96.5 freshclam gets the stats directly from clamd, not the logs. If you restart clamd the stats are lost as they are not saved anywhere. Oh so that means if you want to keep stats you need to run freshclam on shutdown or restart

Re: [clamav-users] Updating of clam stats has stopped

2010-12-30 Thread TR Shaw
On Dec 30, 2010, at 4:56 PM, Jerry wrote: I recently noticed that my stats are not being updated online. The Last detected IP: 0.0.0.0 is obviously incorrect. When I attempt to update manually, I receive this message: *** Virus databases are not updated in this mode ***

Re: [Clamav-users] Upcoming release of ClamAV (0.96.5)

2010-11-23 Thread TR Shaw
OSX 10.6.5 Other than the normal bzip2 and .map warnings and a number of long int to off_t cast warnings and detect.cpp: In function ‘void cli_detect_env_jit(cli_environment*)’: detect.cpp:128: warning: enumeration value ‘Minix’ not handled in switch Seemed to be fine: make check-TESTS SKIP:

[Clamav-users] Solved Re: OSX configure command

2010-11-16 Thread TR Shaw
On Nov 14, 2010, at 6:41 PM, Larry Stone wrote: On 11/14/10 1:44 PM, Spiro Harvey at sp...@knossos.net.nz wrote: This is where your trouble started. This is telling you it can't find an appropriate C compiler (gcc). configure:3749: found /Developer/usr/bin/gcc configure:3760: result:

Re: [Clamav-users] OSX configure command

2010-11-13 Thread TR Shaw
On Nov 13, 2010, at 7:46 PM, Larry Stone wrote: On 11/13/10 5:35 PM, TR Shaw at ts...@oitc.com wrote: I just got around to compiling 0.96.4 and no joy. My configure command no longer is working properly. I have xcode install and my search path is /Developer/usr/share:/Developer/usr/sbin

Re: [Clamav-users] OSX Boonana Trojan

2010-10-30 Thread TR Shaw
I have detection for it in winnow malware unofficial and samples have been forwarded to Luca.. Tom On Oct 30, 2010, at 3:36 AM, Al Varnell wrote: Above named Trojan or worm, depending on your prospective, was found in the wild last week, rated critical by at least one commercial vendor. I

[Clamav-users] PS Re: OSX Boonana Trojan

2010-10-30 Thread TR Shaw
PS It's not just OSX. It exploits a flaw in java so linux, unix, and windoz are all infect-able. On Oct 30, 2010, at 3:36 AM, Al Varnell wrote: Above named Trojan or worm, depending on your prospective, was found in the wild last week, rated critical by at least one commercial vendor. I have

Re: [Clamav-users] safe_clamd

2010-10-14 Thread TR Shaw
On Oct 14, 2010, at 7:05 AM, Luca Gibelli wrote: Hello, starting from the 0.96.2 release, our source tarball includes a script to automatically restart clamd in case the daemon crashes. The script is currently placed in the contrib/ directory. Latest version is always available from:

Re: [Clamav-users] Unable to install ClamAV 96.3.

2010-10-01 Thread TR Shaw
Al Just compile bzip2 from the source. That's what I did and everything was fine. Tom On Oct 1, 2010, at 1:10 AM, Al Varnell wrote: On Sep 30, 2010, at 9:05 PM, Dennis Peterson denni...@inetnw.com wrote: On 9/30/10 8:57 PM, Syed Zubair wrote: This is what I get when I try to install ClamAV

[Clamav-users] PS Re: Unable to install ClamAV 96.3.

2010-10-01 Thread TR Shaw
There is a patch for bsd (also required for Apple) for PDFs and there is a bogus link warning about .map files which you can ignore. Tom On Oct 1, 2010, at 1:10 AM, Al Varnell wrote: On Sep 30, 2010, at 9:05 PM, Dennis Peterson denni...@inetnw.com wrote: On 9/30/10 8:57 PM, Syed Zubair

Re: [Clamav-users] block attachment with certain file endings (also in archives)

2010-09-28 Thread TR Shaw
On Sep 27, 2010, at 10:36 PM, Florian Friesdorf wrote: Hi, I host several mailing list with plenty of users having gmail accounts. gmail blocks attachments with certain file endings (also if the files are in certain archives): http://mail.google.com/support/bin/answer.py?answer=6590

Re: [Clamav-users] Tracking false positives

2010-09-27 Thread TR Shaw
On Sep 27, 2010, at 4:24 PM, Alex wrote: Hi, In addition, there a brilliant Third-Party signature decoder here, which will easily show you the content of the Third-Party signature, just cut/paste or type in the signature name and it'll decode it:

Re: [Clamav-users] SubmitDetectionStats: Incorrect format of the log file

2010-09-26 Thread TR Shaw
Having issues: /usr/local/bin/clamscan --official-db-only --infected --detect-broken --move=/Usersx/virus_archive /Usersx/malware/ LibClamAV Error: cli_pdf: mmap() failed (2) Have no idea what this means. Should I submit a bug report? Tom

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread TR Shaw
Wendy Download the bzip2 security release and compile. I have to go back to my office to check what compile settings are necessary as the default make file is not good enough. Tom On Sep 22, 2010, at 11:59 AM, Wendy J Bossons wrote: I am running clamav on my dev laptop which is Snow

Re: [Clamav-users] What ever happened to the Release Candidate for 0.96.3??

2010-09-22 Thread TR Shaw
Wendy, Download the source from bzip, open the make file and insert CFLAGS=-Os -arch i386 -arch x86_64 $(BIGFILES) or CFLAGS=-Os -arch ppc $(BIGFILES) depending on which processor you need and then sudo make install Tom On Sep 22, 2010, at 11:59 AM, Wendy J Bossons wrote: I am running

Re: [Clamav-users] Tracking false positives

2010-09-14 Thread TR Shaw
On Sep 14, 2010, at 7:00 AM, Alex wrote: Hi, In addition, there a brilliant Third-Party signature decoder here, which will easily show you the content of the Third-Party signature, just cut/paste or type in the signature name and it'll decode it:

Re: [Clamav-users] Tracking false positives

2010-09-13 Thread TR Shaw
On Sep 13, 2010, at 12:48 PM, Alex wrote: Hi, We had a user report that their email was tagged with winnow.botnets.zu.zeus.4637.UNOFFICIAL, according to the logs. How can I track this, and determine which database it was that contains this pattern, and why it considered this email to

Re: [Clamav-users] Tracking false positives

2010-09-13 Thread TR Shaw
On Sep 13, 2010, at 1:58 PM, Alex wrote: Hi, winnow.botnets.zu.zeus.4637.UNOFFICIAL, according to the logs. How can That signature is not is our active database. When did you last update your files? zeus urls and IP come and go as machines are infected and cleaned so you must keep

Re: [Clamav-users] Phishing detection on downloaded pages

2009-12-10 Thread TR Shaw
On Dec 10, 2009, at 6:24 AM, Török Edwin edwinto...@gmail.com wrote: On 2009-12-10 13:06, Sundara Kaku wrote: Thanks for the reply, However if all you want is detect phishing, the heuristic phishing detection won't work with webpages, it is designed for phishing mails (which are