Török Edvin wrote: > On 9/16/06, Ian Castle <[EMAIL PROTECTED]> wrote: >> I built this (probably wrongly ;-) > Tell me how you called ./configure and we'll see if its correct.
I just did the cvs checkout a bit too early - so was missing the --phish-scan-alldomains option. CVS update has sorted that out. Seems OK for the moment. >> the other day, in order to test it on >> our repository of phishing emails (http://phishery.internetdefence.net) >> - are there any recommended signatures for use > Not (yet). > Neither the domainlist (daily.pdb), or the whitelist (daily.wdb) is > "required". > If they are not found, they are simply not used. However you will > certainly want a .pdb file, otherwise you'll have many false > positives! I'll create this by running against known phish, known spam, known ham. > I've updated the documentation in the phishsigs_howto with some > examples on how to create those databases. Excellent, I'll do another cvs update. > > First you should start with a test using --phish-scan-alldomains, and > see how many phishes it catches. > Then you need to create a list of > domains/urls (ebay,paypal,...) that are frequently target of phishing. I have this - been collecting them for a while.. > Otherwise you'll have many false positives. Then test again with this > database you created,... > > I see that you already have a list of phishing sites, if you have the > corresponding url they claim to link to, you can generate a .pdb file > out of that [it is recommended to do it manually, see below]. > > At first you might want to test it with some common sites, like > ebay/paypal, and don't care about the displayedURL in the .pdb file > (use .+ to match all displayedURLs). > Or you might just create a list of hosts in it (using H), listing > ebay,paypal,... > > P.S.:please update from cvs, there have been some bugfixes. Will do. I'll come back with some results if that will be useful. Cheers, Ian. > > Best regards, > Edwin > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
