clamav-users August 2009 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] exceptions where?

Re: [Clamav-users] exceptions where?

From: Len Conrad <LConrad_at_nospam>
Date: Sun Aug 16 2009 - 15:57:15 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

>>How can I put
>>Phishing.Heuristics.Email.SpoofedDomain
>>... in local.ign, if I can't find it in the files unpacked by sigtool?
>>thanks
>>Len
>
>Phishing heuristics sigs are not "real" signatures, so your choices include disable the phishing heuristics in clamd.conf (PhishingScanURLs no

Although Barracudas have passed many phishing emails, and I was hoping clamd in cascade would help, I've had to do "PhishingScanURLs no" in clamd.conf. Way more FPs than TPs, and a nice variety, too. One day, it stopped all nytimes.com headlines alerts, and it blocked monthly notices about credit card balances, which looked legit from the content, and from all the Received: headers.

I just caught an FP where one of our DSL users sent to herself, directly to our submission box running clamd, from the IP she successfully POPs from, a .gov job site notice. I guess I'll here from her soon. :)

Len



Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml