Török Edwin wrote: > They can be whitelisted by using .wdb entries [1], which allows you to > use a POSIX regular expressions to whitelist any URL. > (the original URL, not the hash). > > Since the entries in safebrowsing.cld change often whitelisting based on > position in the .cld wouldn't work. > If you need some local.ign-like whitelisting of specific entries, I > think that could be implemented too. > > The clamscan --debug output reports both the URL and the hash that > caused the detection, and adding the hash to a local.wdb file could > whitelist that particular hash. > Perhaps we could distribute a script in contrib/ that would generate a > whitelist entry given a sample. Would that work for you?
Hi Edwin, I didn't find a sample script in the contrib directory for this, but is this the information I should be looking for from the output of "clamdscan --debug": LibClamAV debug: Phishcheck:Checking url http://lada.cc/</a-> LibClamAV debug: Looking up hash 5B07A56EB8269FE807FE55828D69A56135A1E43B1CDD96432AC5DDFC75251142 for lada.cc/(8)</a(1) LibClamAV debug: Looking up hash F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A for lada.cc/(8)</a(0) This shows 2 hashes, so I'm wondering what the format of the .wdb file should look like? I'm assuming the file should be named safebrowsing.wdb? Thanks! Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
