> -----Original Message-----
> From: Jan Pieter Cornet
> Sent: Friday, January 06, 2006 5:56 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] Phishing - ClamAV and version 0.9
>
> No, you can also do that with the current version. You'll just have to
> "create" your own signature database, by taking the official clamav
> signature database and removing the phishing signatures from it.
>
> We're currently doing this, and I'm willing to share the scripts and
> configs to do it, if there is interest.

That's a wonderful offer, but I'm not looking to turn off the phishing
rules. I'd like to actually make them more strict as we have many clients
complaining about the phishing messages that are getting past the system.

What puzzles me is, a number of these phishing messages are quite
elementary and it seems that the signatures to stop them should already
be in existence. I'm basing this statement on my submitting of the
email in question to the online scanner http://test-clamav.power-netz.de/.
Every one that I have submitted indicates that the message does not contain
malware.

Maybe I should be looking at the more basic questions:

1) Would the online scanner indicate the existence of phishing as malware?

2) Maybe I'm using the online scanner incorrectly? What I do is save the
message (using my MS Outlook) as an HTML file and then submit that file?

Thanks for all the assistance.

/jenn

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
