clamav-users August 2009 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] exceptions where?

Re: [Clamav-users] exceptions where?

From: Len Conrad <LConrad_at_nospam>
Date: Sun Aug 16 2009 - 15:57:15 GMT
To: ClamAV users ML <>

>>How can I put
>>... in local.ign, if I can't find it in the files unpacked by sigtool?
>Phishing heuristics sigs are not "real" signatures, so your choices include disable the phishing heuristics in clamd.conf (PhishingScanURLs no

Although Barracudas have passed many phishing emails, and I was hoping clamd in cascade would help, I've had to do "PhishingScanURLs no" in clamd.conf. Way more FPs than TPs, and a nice variety, too. One day, it stopped all headlines alerts, and it blocked monthly notices about credit card balances, which looked legit from the content, and from all the Received: headers.

I just caught an FP where one of our DSL users sent to herself, directly to our submission box running clamd, from the IP she successfully POPs from, a .gov job site notice. I guess I'll here from her soon. :)


Help us build a comprehensive ClamAV guide: visit