[Clamav-users] Problem with Phishing false positives
Hello,
I tried the options below to disable phishing completely but I still
receive virus alerts in the maillog.
Is there a way to completely disable this feature?

clamav version : clamav-0.91.2

Used with courier-mta + courier-pythonfilter (only clamav activated)

the setting changed in clamd.conf
PhishingSignatures no
PhishingScanURLs no

Message in the maillog :
Dec 20 09:12:55 verona courieresmtpd: error,relay=:::195.222.126.197,from=: 554 Virus found - Signature is Phishing.Heuristics.Email.SpoofedDomain

Regards
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem with Phishing false positives
Hmm, interesting question, I will ask the dev and get back to the ML soon.

Regards,

Török Edwin wrote:
> FM wrote:
>> Hello,
>> I tried the options below to disable phishing completely but I still
>> receive virus alerts in the maillog.
>> Is there a way to completely disable this feature ?
>>
>> clamav version : clamav-0.91.2
>>
>> Used with courier-mta + courier-pythonfilter (only clamav activated)
>>
>
> How does courier-pythonfilter use clamav? Via clamdscan, sockets, or
> clamscan?
>
> --Edwin
Re: [Clamav-users] Problem with Phishing false positives
Yes, it is using libclamav

John Rudd wrote:
> Török Edwin wrote:
>> FM wrote:
>>> Hello,
>>> I tried the options below to disable phishing completely but I still
>>> receive virus alerts in the maillog.
>>> Is there a way to completely disable this feature ?
>>>
>>> clamav version : clamav-0.91.2
>>>
>>> Used with courier-mta + courier-pythonfilter (only clamav activated)
>>>
>> How does courier-pythonfilter use clamav? Via clamdscan, sockets, or
>> clamscan?
>
> or, perhaps like perl's Mail::ClamAV, it might use it via libclamav
> directly.
>
> (just saying, there's a 4th option)
[Clamav-users] sigtool and phishing
Hello,
I have lots of false positives with clamav phishing detection.
What is the correct way to remove these rules using sigtool?

Regards
Re: [Clamav-users] sigtool and phishing
Tx for the reply but in my case it is not that easy.
I am using courier-mta and courier-pythonfilter to connect the mta and clamav.
This filter is using libclamav directly and in clamd.conf I have :
PhishingScanURLs no
PhishingSignatures no
but still have virus alerts in the maillog

Regards,

Dennis Peterson wrote:
> FM wrote:
>
>> hello,
>> I have lots of false positive with clamav phishing detection.
>> What is the correct way to remove these rules using sigtool?
>>
>
>
> From a recent post:
>
> > You can disable the heuristics-based phish checks without
> > disabling the signature-based checks. Both the official
> > clamav and SaneSecurity sigs will still work, but the false
> > positive prone heuristics will be disabled.
> >
> > With clamscan, use the --no-phishing-scan-urls option.
> > For clamd/clamdscan set in your clamd.conf:
> > DetectPhishing yes
> > PhishingScanURLs no
> > and restart clamd.
>
>
> dp
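
Added example, not part of the original thread or of any poster's code: a small Python script that tallies courieresmtpd "Virus found" rejections from a maillog and separates heuristic phishing hits from signature-based ones, to confirm whether heuristic detections keep firing after a configuration change. The log lines are constructed on the pattern of the entry quoted in the thread, and treating the "Phishing.Heuristics." name prefix as the marker for heuristic detections is an assumption taken from the signature name shown there.

```python
import re
from collections import Counter

# Assumption: heuristic phishing detections carry this name prefix, as in the
# signature reported in the thread (Phishing.Heuristics.Email.SpoofedDomain).
HEURISTIC_PREFIX = "Phishing.Heuristics."

# Constructed sample lines modelled on the maillog entry quoted in the thread.
# Host name, relay addresses, senders and the second signature name are made up.
SAMPLE_LOG = """\
Dec 20 09:12:55 mx1 courieresmtpd: error,relay=::ffff:192.0.2.10,from=<a@example.org>: 554 Virus found - Signature is Phishing.Heuristics.Email.SpoofedDomain
Dec 20 09:14:02 mx1 courieresmtpd: error,relay=::ffff:192.0.2.11,from=<b@example.org>: 554 Virus found - Signature is Example.Signature.Name-1
Dec 20 09:15:40 mx1 courieresmtpd: started,ip=[::ffff:192.0.2.12]
Dec 20 09:16:11 mx1 courieresmtpd: error,relay=::ffff:192.0.2.10,from=<c@example.org>: 554 Virus found - Signature is Phishing.Heuristics.Email.SpoofedDomain
"""

# Matches the rejection line format shown in the thread; the sender may be empty.
REJECT = re.compile(
    r"courieresmtpd: error,relay=(?P<relay>[^,]*),from=(?P<sender>.*?): "
    r"554 Virus found - Signature is (?P<sig>\S+)"
)


def summarize(log_text):
    """Return (heuristic, signature) Counters keyed by (signature name, relay)."""
    heuristic, signature = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not a virus rejection line
        bucket = heuristic if m["sig"].startswith(HEURISTIC_PREFIX) else signature
        bucket[(m["sig"], m["relay"])] += 1
    return heuristic, signature


if __name__ == "__main__":
    heur, sigs = summarize(SAMPLE_LOG)
    print("heuristic phishing hits:")
    for (sig, relay), n in heur.most_common():
        print(f"  {n:3d}  {sig}  relay={relay}")
    print("signature-based hits:")
    for (sig, relay), n in sigs.most_common():
        print(f"  {n:3d}  {sig}  relay={relay}")
```
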
[Clamav-users] VirusEvent Variables
Hello,
I am using clamAV 0.91.2
I set the VirusEvent to be alerted when we receive a virus.
Are there other variables than %v ? like address of the sender,...?

Regards,