Have you read the explanation at <https://www.clamav.net/documents/safebrowsing>?
Please provide the phishing URL that is failing. You will probably need to obfuscate it in order to get it through the mail system, something like httx://....

-Al-

On Fri, Dec 07, 2018 at 03:17 AM, Sunny Marwah wrote:
> Hello Micah & Team,
>
> Have not received any response on my last email.
>
> Also, I have enabled Safebrowsing option in freshclam.conf as suggested by
> you.
>
> Still I can see that ClamAV is not working properly. There is one file placed
> on server and there is one phishing URL available in that file. That URL is
> so deceptive that Chrome is not letting us open that URL due to labeling it
> as "Deceptive" URL.
>
> Why is ClamAV still not able to find that file as "Infected" in scanning even
> after enabling "Safebrowsing" option??
>
> Waiting for your quick and needful response.
>
> Regards
> Sunny
>
> On Thu, Dec 6, 2018 at 4:41 PM Sunny Marwah <[email protected]> wrote:
> Hi Micah,
>
> Thanks for letting me know about enabling SafeBrowsing CVD option in ClamAV.
>
> Google safe browsing put a website in 3 categories mentioned below:
> 1 Secure
> 2 Info or Not secure
> 3 Not secure or Dangerous
>
> Curious to know how ClamAV will categorize the HTML file. Let's say, if any
> "Not secure or Dangerous" URL is found, will ClamAV show it as infected
> file in scanning summary? If this is the case, I guess in case "Secure" URL
> is found, it will show as OK. And what if URL is found as "Info or Not
> secure"?
>
> Regards
> Sunny
>
>
> On Thu, Dec 6, 2018 at 3:19 PM Micah Snyder (micasnyd) <[email protected]> wrote:
> It may be worth mentioning that in addition to the [optional] SafeBrowsing
> CVD that you can choose to include, ClamAV has just started including
> PhishTank signatures late last month.
>
> For those who are curious, see https://lists.gt.net/clamav/virusdb/.
> PhishTank signatures are prefixed with Phishtank.Phishing.
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
>> On Dec 6, 2018, at 3:27 AM, Al Varnell <[email protected]> wrote:
>>
>> Frankly, I'm surprised that ClamAV finds any such URLs. They are way too
>> dynamic (blacklisted one day and removed the next). ClamAV does malware
>> detection over the long haul and trying to keep up with fraudulent web sites
>> would be a full time job and better done by other means (e.g. Google Safe
>> Browsing).
>>
>> -Al-
>>
>> On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote:
>>> Hello Team,
>>>
>>> We are using clamav-0.100.2 to scan a few HTML email templates.
>>>
>>> Sometimes, there are deceptive URLs mentioned in those templates and that
>>> template should be detected as infected via ClamAV scan process.
>>>
>>> I can see weird output of ClamAV scan process. Sometimes it detects such
>>> templates as infected and sometimes, it does not detect them as infected.
>>> And the URLs I am talking about are so deceptive that even Google Chrome
>>> browser doesn't let us open these URLs and shows us a clear warning as
>>> "Dangerous" about deceptive website.
>>>
>>> Can you put your views behind such unpredictable behavior?
>>>
>>> If you want then I can report such URLs on your malware link for reporting.
>>>
>>> Regards
>>> Sunny
>> _______________________________________________
>> clamav-users mailing list
>> [email protected]
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>
> --
> Regards
> Sunny
> System Engineer
> Mob : +91 9711155549

-Al-
--
Al Varnell
Mountain View, CA
