Török Edwin wrote: > On 2009-04-08 22:40, Bill Landry wrote: >> Török Edwin wrote: >> >> Hi Edwin, >> >> >>> For 0.95.1 I was thinking about something like this (not yet implemented): >>> S:X:F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A >>> >> I am now running: >> >> clamscan --version >> ClamAV 0.95.1/9214/Wed Apr 8 09:46:42 2009 >> >> However, I tried this syntax in a file called local.wdb: >> >> S:X:F5B73C1339C8C9B2B9537F129D63F4ECA16E0346819FB417E643CDA7B9EFA09A >> >> but "clamscan -d local.wdb test.txt" returns this: >> >> LibClamAV Error: Can't load local.wdb: Malformed database >> ERROR: Malformed database >> >> I couldn't find anything definitive about this in the >> phishsigs_howto.pdf, so I based this syntax off of your example above. >> Has this Safebrowsing "hash whitelisting" feature not yet been enabled >> in ClamAV 0.95.1? >> > > Hi Bill, > > phishsigs_howto.pdf says this: > > To see which hash/URL matched, look at the clamscan --debug output, and look > for the following strings: Looking up hash, prefix matched, and Hash > matched. > Local whitelisting of .gdb entries can be done by creating a local.gdb > file, and adding > a line S:W:<HASH>.
Ah yes, now I see it... :-/ > There's also a script to automate creating local.gdb entries: > http://svn.clamav.net/svn/clamav-devel/trunk/contrib/phishing/gdbwhitelist.sh Okay, thanks. Will this script eventually be include in the "contrib" directory of the ClamAV source package? Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
