On 2009-04-08 22:40, Bill Landry wrote:
> Török Edwin wrote:
>
> Hi Edwin,
>
>   
>> For 0.95.1 I was thinking about something like this (not yet implemented):
>> S:X:F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A
>>     
>
> I am now running:
>
> clamscan --version
> ClamAV 0.95.1/9214/Wed Apr  8 09:46:42 2009
>
> However, I tried this syntax in a file called local.wdb:
>
> S:X:F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A
>
> but "clamscan -d local.wdb test.txt" returns this:
>
> LibClamAV Error: Can't load local.wdb: Malformed database
> ERROR: Malformed database
>
> I couldn't find anything definitive about this in the
> phishsigs_howto.pdf, so I based this syntax off of your example above.
> Has this Safebrowsing "hash whitelisting" feature not yet been enabled
> in ClamAV 0.95.1?
>   

Hi Bill,

phishsigs_howto.pdf says this:

To see which hash/URL matched, look at the clamscan --debug output, and look
for the following strings: Looking up hash, prefix matched, and Hash matched.

Local whitelisting of .gdb entries can be done by creating a local.gdb file,
and adding a line S:W:<HASH>.

There's also a script to automate creating local.gdb entries:
http://svn.clamav.net/svn/clamav-devel/trunk/contrib/phishing/gdbwhitelist.sh

Best regards,
--Edwin