Hello Steve, Le Mardi 24 Janvier 2006 21:49, Steve Basford a écrit : > As, I've seen a number of new phishing attempts get past the Official > ClamAV signatures, I thought I'd try to produce my own signatures, to > see if some of these newer phishing attempts could be stopped. > > They are here to download, if anyone is interested: > http://www.sanesecurity.com/clamav/
Your signatures are based on HTML (Filetype = 3). Shouldn't it be based on Mail (Filetype = 4) ? This could avoid false positive like this one : - Go to http://www.sanesecurity.com/clamav/ - Save the html page on your hardisk - Scan the saved web page with your phish.ndb signatures => Html.Phishing.Auction.Sanesecurity.06010701 FOUND Anyway, thank you for creating signatures. This is usefull for a lot of us. Best regards, Arnaud Jacques Consultant Sécurité Téléphone / Fax : +33-(0)3.44.39.76.46 Portable : +33-(0)6.24.40.95.03 E-mail : [EMAIL PROTECTED] Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois _______________________________ _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
