On Fri, 6 Oct 2006, 22:14 GMT+02 Robert Allerstorfer wrote: > On Wed, 4 Oct 2006, 10:59 GMT+03 Török Edvin wrote:
>> On 10/3/06, Robert Allerstorfer wrote: >>> How can yet undetected phishings be submitted to the project? >> Submit a sample: http://cgi.clamav.net/sendvirus.cgi, following the >> rules on that page. > OK, just submitted 2 raw mails (more than 2 submissions a day are not > allowed according to that page) which should add > H bankofcastile.com > H imglt.com > to 'daily.pdb' (as of 'daily.cvd' version 2000). Hm, these submissions have been rejected (daily.cvd version 2009): Submission-ID: 501386 Sender: Robert Allerstorfer Submission notes: Same as in Submission-ID 495773 Added: No However, I can't find anything about such a Submission-ID 495773. The mail in question is definately a Phishing.Email. LibClamAV debug: PH:Checking url http://im-exil.de/travian/www.bankofcastile.com/index.html->http://www.bankofcastile.com/sso_signup_filter.jsp?LOB=RBGSurvey So I cannot understand why the official ClamAV db maintainers don't want to update 'daily.pdb'. Keeping a "private" custom.pdb in addition to the official daily.pdb would not work, unfortunately - only one .pdb can be loaded by clamscan. When clamscan tries to load another .pdb, it exits with an error. regards, rob. _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
