Török Edwin wrote: > For whitelisting lada.cc you can use either: > X:(.+\.)?lada.cc([/?].*)?:(.+\.)?lada.cc([/?].*)? > > Or this one (but it will also whitelist URL mismatches from lada.cc to > anything, not recommended): > X:(.+\.)?lada.cc([/?].*)?:.+ > > Or any other regular expression that whitelists what you want, the > format is described in docs/phishsigs_howto.pdf, > in this case it is: X:RealURL:DisplayedURL
Ok, I've reviewed the phishsigs_howto.pdf, but have failed in my efforts to create a whitelist entry based on the hash (rather than using a regular expression). Here are the relevant lines from --debug output: === LibClamAV debug: Phishcheck:Checking url http://lada.cc/</a-> LibClamAV debug: Looking up hash 5B07A56EB8269FE807FE55828D69A56135A1E43B1CDD96432AC5DDFC75251142 for lada.cc/(8)</a(1) LibClamAV debug: Looking up hash F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A for lada.cc/(8)</a(0) LibClamAV debug: prefix matched LibClamAV debug: Hash matched for: http://lada.cc/</a LibClamAV debug: Phishcheck:URL after cleanup: http://lada.cc-> LibClamAV debug: Displayed 'url' is not url: LibClamAV debug: Phishing: looking up in whitelist: http://lada.cc:; host-only:0 LibClamAV debug: Looking up in regex_list: http://lada.cc:/ LibClamAV debug: Lookup result: not in regex list LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted LibClamAV debug: found Possibly Unwanted: Safebrowsing.Suspected-malware_safebrowsing.clamav.net === Can you show me what a valid hash whitelist entry in local.wdb might look like for this hash? > The per-entry whitelisting and other features we discussed will be in > 0.95.1: > https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1482 Great, thanks. Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
