Re: [Clamav-users] Google Safebrowsing: listed in clamav safebrowsing.cvd and 'white' status in StopBadware and 'not listed" at Google SafwBrowse status page

Mon, 27 Jul 2009 07:31:46 -0700 

Hi Edwin,

2009/7/24 Török Edwin <edwinto...@gmail.com>:
> On 2009-07-24 01:26, cas...@gmail.com wrote:
>> Hi,
>>
>>    I need some help to understand this issue.
>>
>>    We are using safebrowsing.cvd (postfix/amavisd/clamd) and we
>> started to get problems with two newsletters here [1] [2]
>>
>>    Messages are in HTML and have some 'links'. I tested all I could
>> find and got the same result as [1][2] (except for some sites that had
>> never been listed).
>>
>>    I used the SafeBrowsing 'diagnostic' tool and I got "This site is
>> not currently listed as suspicious" for both sites [1][2].
>>
>>    I searched at StopBadware [3][4] and sites are 'white bullet' status.
>>
>>    Just 'owners' [5]can ask for a review but, before reporting to
>> them, I would like to know if safebrowsing.cvd is ok in clamav.net.
>>
>>    If I missed something, please, help me to find the 'docs' to solve
>> my question (for example, how can I know what is the 'content' in the
>> email message contents that 'triggered' the safebrowsing.cvd
>> signature?)
>>
>
> You can run 'clamscan --debug yourfile.eml', and look for something like
> this in the debug output:
>
> LibClamAV debug: Phishcheck:Checking url ....
> LibClamAV debug: Looking up hash
> 73D986E009065F182C10BCB6A45DB3D6EDA9498F8930654AF2653F8A938CD801 for ...
> LibClamAV debug: Looking up hash
> 7F6FD541E625E7BC5D5A64F166E47ECFE13735464A74D160B48265C162A71089 for ....
> LibClamAV debug: prefix matched
> LibClamAV debug: This hash matched:
> 7F6FD541E625E7BC5D5A64F166E47ECFE13735464A74D160B48265C162A71089
> LibClamAV debug: Hash matched for .....
> LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted

   Sorry for taking so long to answer. I am a 'newbie' in this issues
of hashs analysis.

   Following your directions I found the 'triggering' URL. Nothing
appears as suspected, but there is a 'link' to a .doc file. I will try
to notify the site's owner.

   Really thank you.

Best regards,
Cássio
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to