> > ClamAV still doesn't ctach all variants of a Parite.B
>
> Please show me an active variant of Parite.B that is not detected by
> ClamAV and at the same time is not a false positive detection of some
> 3rd party scanners.
>
> Then I will owe you a beer ;-)
Depends how you define "active". I
> > Sites were hot at the time the messages were received, so either my concept
> > of how ClamAV blocks phishing is wrong or the detection method is not as
> > generic as I would have thought.
> >
> Generic fishing signature can be done... but... they are very difficult
> to get right, without
> I feel that it's going to be quite difficult for me to go though 500-odd
> ClamAV phishing signatures and
> compare them, with an editor to my 100-ish signatures and find out what
> bits are duplicated. I really
> need some samples.
>
> If possible, to save a whole load of time... could you:
You should really cleanup your signatures. I have a Phishing set of
512 Phishing of which 23 are not recognised by ClamAV. From those
only 4 are captured by your signatures, which are the following:
d:\_ham-mails\_scan/phishing.070:
Html.Phishing.Bank.Sanesecurity.05080100 FOUND
d:\_ham-mails\_
> It's not a bug nor a known problem. You didn't install/configure ClamAV
> properly.
I did install it properly as there isn't much to do wrong, when
downloading the NSIS-based installer and just click "OK" everywhere.
And I found the "problem". Look at this:
P:\_virii>c:\clamav-devel\bin\clam
