On 2009-03-24 17:04, Bill Landry wrote:
> Török Edwin wrote:
>
>> For whitelisting lada.cc you can use either:
>> X:(.+\.)?lada.cc([/?].*)?:(.+\.)?lada.cc([/?].*)?
>>
>> Or this one (but it will also whitelist URL mismatches from lada.cc to
>> anything, not recommended):
>> X:(.+\.)?lada.cc([/?].*)?:.+
>>
>> Or any other regular expression that whitelists what you want, the
>> format is described in docs/phishsigs_howto.pdf,
>> in this case it is: X:RealURL:DisplayedURL
>>
>
> Ok, I've reviewed the phishsigs_howto.pdf, but have failed in my efforts
> to create a whitelist entry based on the hash

"whitelist entry based on hash = per-entry whitelisting" I was referring
to below, that will be in 0.95.1

> (rather than using a
> regular expression).

The only way (for now) is to use a regular expression.

> Here are the relevant lines from --debug output:
> ===
> LibClamAV debug: Phishcheck:Checking url http://lada.cc/</a->
> LibClamAV debug: Looking up hash
> 5B07A56EB8269FE807FE55828D69A56135A1E43B1CDD96432AC5DDFC75251142 for
> lada.cc/(8)</a(1)
> LibClamAV debug: Looking up hash
> F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A for
> lada.cc/(8)</a(0)
> LibClamAV debug: prefix matched
> LibClamAV debug: Hash matched for: http://lada.cc/</a
> LibClamAV debug: Phishcheck:URL after cleanup: http://lada.cc->
> LibClamAV debug: Displayed 'url' is not url:
> LibClamAV debug: Phishing: looking up in whitelist: http://lada.cc:;
> host-only:0
> LibClamAV debug: Looking up in regex_list: http://lada.cc:/
> LibClamAV debug: Lookup result: not in regex list
> LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted
> LibClamAV debug: found Possibly Unwanted:
> Safebrowsing.Suspected-malware_safebrowsing.clamav.net
> ===
>
> Can you show me what a valid hash whitelist entry in local.wdb might
> look like for this hash?
>

For 0.95.1 I was thinking about something like this (not yet implemented):
S:X:F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
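
The difference between the two `X:RealURL:DisplayedURL` entries quoted above, as an added example that is not part of the original message and not ClamAV's own code. It is a simplified Python model that assumes each regex must match its whole URL with the scheme removed; the function names and the sample URL pairs are constructed for illustration.

```python
import re

# The two whitelist entries quoted in the message above.
STRICT = r"X:(.+\.)?lada.cc([/?].*)?:(.+\.)?lada.cc([/?].*)?"
LOOSE = r"X:(.+\.)?lada.cc([/?].*)?:.+"


def parse_entry(entry):
    """Split 'X:RealURL:DisplayedURL' into two compiled regexes.

    Assumption: neither regex contains a literal ':' (true for both
    entries above), so a plain split is enough for this sketch.
    """
    kind, real_re, displayed_re = entry.split(":", 2)
    if kind != "X":
        raise ValueError("only X: (regex) entries are handled here")
    return re.compile(real_re), re.compile(displayed_re)


def is_whitelisted(entry, real_url, displayed_url):
    """Simplified model (assumption): each regex must match its whole URL."""
    real_re, displayed_re = parse_entry(entry)
    return bool(real_re.fullmatch(real_url)
                and displayed_re.fullmatch(displayed_url))


# Constructed (real URL, displayed URL) pairs, scheme already stripped.
SAMPLES = [
    ("lada.cc/", "lada.cc"),
    ("www.lada.cc/page", "lada.cc/page"),
    ("lada.cc/", "bank.example"),    # mismatch: link text names another site
    ("other.example/", "lada.cc"),   # real URL is not lada.cc at all
]


def compare():
    """Return (real, displayed, strict_result, loose_result) per sample."""
    return [(r, d, is_whitelisted(STRICT, r, d), is_whitelisted(LOOSE, r, d))
            for r, d in SAMPLES]


if __name__ == "__main__":
    for real, shown, strict, loose in compare():
        print(f"{real:18} {shown:14} strict={strict!s:5} loose={loose}")
```

Only the third pair separates the two entries: the first entry rejects it, while the `.+` entry accepts any non-empty displayed URL once the real URL is under lada.cc.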