On 2009-07-24 01:26, cas...@gmail.com wrote: > Hi, > > I need some help to understand this issue. > > We are using safebrowsing.cvd (postfix/amavisd/clamd) and we > started to get problems with two newsletters here [1] [2] > > Messages are in HTML and have some 'links'. I tested all I could > find and got the same result as [1][2] (except for some sites that had > never been listed). > > I used the SafeBrowsing 'diagnostic' tool and I got "This site is > not currently listed as suspicious" for both sites [1][2]. > > I searched at StopBadware [3][4] and sites are 'white bullet' status. > > Just 'owners' [5]can ask for a review but, before reporting to > them, I would like to know if safebrowsing.cvd is ok in clamav.net. > > If I missed something, please, help me to find the 'docs' to solve > my question (for example, how can I know what is the 'content' in the > email message contents that 'triggered' the safebrowsing.cvd > signature?) >
You can run 'clamscan --debug yourfile.eml', and look for something like this in the debug output: LibClamAV debug: Phishcheck:Checking url .... LibClamAV debug: Looking up hash 73D986E009065F182C10BCB6A45DB3D6EDA9498F8930654AF2653F8A938CD801 for ... LibClamAV debug: Looking up hash 7F6FD541E625E7BC5D5A64F166E47ECFE13735464A74D160B48265C162A71089 for .... LibClamAV debug: prefix matched LibClamAV debug: This hash matched: 7F6FD541E625E7BC5D5A64F166E47ECFE13735464A74D160B48265C162A71089 LibClamAV debug: Hash matched for ..... LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
