On 06/07/2012 09:57 PM, David Raynor wrote:
> The safebrowsing feature of ClamAV uses a separate domain list and
> whitelist from the other signatures. The blacklisted domains are stored in
> .pdb files, and the whitelist is stored in .wdb files. These process
> domains from URLs instead of virus signatures, so that's why trying to use
> your local .ign2 whitelist didn't help.
> 
> You'll need both the real URL and the displayed URL from the weblink to
> whitelist a link. Here's an example of a safebrowsing whitelist item. To
> whitelist a link that displays "displayhostname.com" with a real URL target
> of "www.myrealhostname.com", the line will look like this:
> 
> M:displayhostname.com:www.myrealhostname.com
> 
> The M is the type flag for simple hostname comparisons. There are other
> types for regular expressions if you need them.
> 
> Replace the hostnames appropriately and add a line like that to your local
> whitelist (.wdb not .ign2) and you should be good to go.

That is correct for the anti-phishing feature, but it won't work
for safebrowsing matches (whitelist_check is never reached if url_hash_match).

See phishsigs_howto.pdf, "GDB format"; it describes how to whitelist
safebrowsing matches in a local.gdb.

> 
> Dave R.
> 
> PS: As for Google's Safebrowsing list, they offer a page to check the
> status for any domain. They do have some transparency on why a domain was
> placed on the list, and links for web administrators to seek remediation.
> http://www.google.com/safebrowsing/diagnostic?site=bestwesternsupply.com

Best regards,
--Edwin
> 
> --
> Dave Raynor
> Senior Research Engineer, VRT
> 
> 
> On Thu, Jun 7, 2012 at 2:26 PM, Alex <mysqlstud...@gmail.com> wrote:
> 
>> Hi,
>>
>> How can I determine what domains the pattern
>> "Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net"
>> contains? I thought it was only a single domain, but it appears to
>> contain numerous?
>>
>> If that's the case, then I'd prefer to not ignore the whole rule, but
>> whitelist one of the domains within the rule. Is that possible?
>>
>> If I were to disable this rule, would adding it as it is displayed
>> above to the ign2 file be the correct way? For some reason that
>> doesn't seem to work here.
>>
>> Thanks,
>> Alex
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
>>