Timothy Sumner wrote: > Hi Clam Users, > > Could anyone help me to find out more information about this signature > Phishing.Heuristics.Email.HexURL > > I can't see it in my /var/lib/clamav anywhere? > > I switched off Phishing in the clamd.conf and it still didn't allow the > messages through. > > PhishingSignatures no > PhishingScanURLs no > > Kind regards, > > Tim
There isn't an actual signature, rather clamav has detected a hex-encoded URL that smells rather phishy. To disable these heuristics based signatures in clamd/clamdscan, set PhishingScanURLs no in clamd.conf and then stop/start clamd. To disable them in "clamscan", use the command line option "--no-phishing-scan-urls" If you're using a tool other than clamscan or clamdscan, ie. something that accesses libclamav directly, check with the supplier of that tool. -- Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
