Török Edwin wrote: >> Ok, I've reviewed the phishsigs_howto.pdf, but have failed in my efforts >> to create a whitelist entry based on the hash > > "whitelist entry based on hash = per-entry whitelisting" I was referring > to below, that will be in 0.95.1 > >> (rather than using a >> regular expression). > > The only way (for now) is to use a regular expression.
Ah, ok, I misunderstood. >> Here are the relevant lines from --debug output: >> === >> LibClamAV debug: Phishcheck:Checking url http://lada.cc/</a-> >> LibClamAV debug: Looking up hash >> 5B07A56EB8269FE807FE55828D69A56135A1E43B1CDD96432AC5DDFC75251142 for >> lada.cc/(8)</a(1) >> LibClamAV debug: Looking up hash >> F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A for >> lada.cc/(8)</a(0) >> LibClamAV debug: prefix matched >> LibClamAV debug: Hash matched for: http://lada.cc/</a >> LibClamAV debug: Phishcheck:URL after cleanup: http://lada.cc-> >> LibClamAV debug: Displayed 'url' is not url: >> LibClamAV debug: Phishing: looking up in whitelist: http://lada.cc:; >> host-only:0 >> LibClamAV debug: Looking up in regex_list: http://lada.cc:/ >> LibClamAV debug: Lookup result: not in regex list >> LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted >> LibClamAV debug: found Possibly Unwanted: >> Safebrowsing.Suspected-malware_safebrowsing.clamav.net >> === >> >> Can you show me what a valid hash whitelist entry in local.wdb might >> look like for this hash? >> > > For 0.95.1 I was thinking about something like this (not yet implemented): > S:X:F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A That would work for me. Thanks! Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
