Hi all,

I've been frantically grazing through the ClamAV mail archives and been Googling to find out how to make regex work with pdb (phishing database) files. I'm using ClamAV version 0.93 on a Linux platform.
I was reading the phishsigs_howto.pdf included in the ClamAV tarball. My custom domainlist test.pdb contains:

---
R:.+\.paypal\.com:.+\.yahoo\.com
---

The email file which I need to scan is:

---
Subject: test mail
Content-Type: text/html

<html>
Click here <a href="paypal.com">yahoo.com</a>
</html>
---

But somehow ClamAV doesn't detect the mail as a virus. In contrast, if I use "H:yahoo.com" in test.pdb, the mail is detected as a virus under Phishing.SpoofedDomain.

As a side note, I've also tried "R .+ .+\.paypal\.com" as an entry in the test.pdb (as the phishsigs_howto.pdf document says). But it is of no use.

Can someone please enlighten me why this wouldn't work?

Thanks,
Srini
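An added example, not part of the original post and not ClamAV code: a small offline check of what the two regex fields in the R: entry above accept, run against the link in the test mail. It assumes the first field applies to the href and the second to the link text (as the entry in the post is laid out), that each field must match its whole string, and it uses Python's re module rather than ClamAV's own matcher, so ClamAV's URL normalization is not modelled.

```python
import re
from html.parser import HTMLParser

class LinkPairs(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.pairs = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append((self._href, "".join(self._text).strip()))
            self._href = None

def parse_r_entry(line):
    """Split 'R:<first regex>:<second regex>'; assumes no ':' inside either regex."""
    kind, first, second = line.strip().split(":")
    if kind != "R":
        raise ValueError("not an R entry")
    return re.compile(first), re.compile(second)

def check(entry, html):
    """Per link: (href, text, first field matches href, second field matches text)."""
    first, second = parse_r_entry(entry)
    parser = LinkPairs()
    parser.feed(html)
    return [(href, text, bool(first.fullmatch(href)), bool(second.fullmatch(text)))
            for href, text in parser.pairs]

ENTRY = r"R:.+\.paypal\.com:.+\.yahoo\.com"  # entry from the post
BODY = '<html> Click here <a href="paypal.com">yahoo.com</a> </html>'  # link from the post
# Constructed variant: same link with a host label in front of each domain.
VARIANT = '<a href="www.paypal.com">login.yahoo.com</a>'

if __name__ == "__main__":
    for sample in (BODY, VARIANT):
        print(check(ENTRY, sample))
```

Under these assumptions neither field accepts the bare domains in the test mail, because `.+\.` requires at least one character and a literal dot before the domain name; the constructed variant with host labels is accepted by both.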