You should really cleanup your signatures. I have a Phishing set of 512 Phishing of which 23 are not recognised by ClamAV. From those only 4 are captured by your signatures, which are the following:
d:\_ham-mails\_scan/phishing.070: Html.Phishing.Bank.Sanesecurity.05080100 FOUND d:\_ham-mails\_scan/phishing.192: Html.Phishing.Auction.Sanesecurity.05080100 FOUND d:\_ham-mails\_scan/phishing.199: Html.Phishing.Pay.Sanesecurity.05120802 FOUND d:\_ham-mails\_scan/phishing.335: Html.Phishing.Pay.Sanesecurity.06011101 FOUND So these are Phishing mails, that are not recognised by ClamAV, but by your signatures. If I scan the complete set with your signatures a lot of mails already recognised by ClamAV are actually recognised by your signatures, so there are quite some duplicates in your signatures, compared to ClamAV. I might post a list of the signatures, that are recognising mails, that are already in ClamAV signatues, but I rather see you doing a cleanup first. I did this test with 0.88-1 and siagntures database version 1257. > Hi, > > Firstly, I've done an update to the Unofficial Phishing Signatures. > > Secondly... will whoever is using ip address 216.35.188.119, please sort > out their wget config file: > > 216.35.188.119 - - [29/Jan/2006:20:36:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:38:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:40:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:42:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:44:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:46:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:48:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:50:02 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:52:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:54:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:56:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > 216.35.188.119 - - [29/Jan/2006:20:58:01 +0000] "HEAD /clamav/phish.ndb > HTTP/1.0" 200 0 "-" "Wget/1.10.2" > > I don't update the sigs *that* often ;) > > IP has been blocked access for now. > > Cheers, > > Steve > > _______________________________________________ > http://lurker.clamav.net/list/clamav-users.html _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
