Alessandro, Agreed. You can submit fp's and help keep the databases current by sending the messages to this website:
http://www.clamav.net/lang/en/sendvirus/submit-fp/ On Fri, Jul 18, 2014 at 3:28 PM, Alessandro Vesely <ves...@tana.it> wrote: > Hi Steve, > > On Fri 18/Jul/2014 19:00:08 +0200 Steven Morgan wrote: > > > > Also, have a look at the document phishsigs_howto.pdf in the ClamAV docs/ > > directory. It contains some info on identifying the reason for the phish > > detection and on how to write whitelist signatures. > > Hm... why.py doesn't seem to be up to date. But --debug still works. > > > You should be able to create a local whitelist, local.wdb for > > example, and add that to your database directory rather than > > modifying daily.wdb. > > Correct, thanks. If I create local.wdb having these three lines: > > M:www.facebook.com:www.sella.it > M:plus.google.com:www.sella.it > M:www.youtube.com:www.sella.it > > then the message is clean. daily.cld already contains similar lines, > but it seems the bank change their html more quickly than database > maintainers can cope with :-/ > > Note that I already know the sender is whitelisted by DNSWL by the > time I scan. However, keeping two engines, one of which is loaded > without phishing signatures would seem to be overkilling, no? > > Any other idea? > Ale > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
