Hi there,
On Tue, 11 Aug 2020, Gary R. Schmidt wrote:
On 11/08/2020 00:53, Paul via clamav-users wrote:
[SNIP]
Further digging has led me to find that when 'PhishingScanURLs no" is set
the signatures in safebrowsing.cld are not loaded by clamd.
Well, there's a win for plain and simple use
On 11/08/2020 00:53, Paul via clamav-users wrote:
[SNIP]
Further digging has led me to find that when 'PhishingScanURLs no" is
set the signatures in safebrowsing.cld are not loaded by clamd.
Well, there's a win for plain and simple use of the English language (or
a close approximation the
On 10/08/2020 15:10, G.W. Haywood via clamav-users wrote:
Hi there,
On Mon, 10 Aug 2020, Paul via clamav-users wrote:
Can anybody explain why when "PhishingScanURLs no " I get Loaded
9042923 signatures in logs and when "PhishingScanURLs yes" I get
Loaded 11256306 signatures
I would ha
Hi there,
On Mon, 10 Aug 2020, Paul via clamav-users wrote:
Can anybody explain why when "PhishingScanURLs no " I get Loaded 9042923
signatures in logs and when "PhishingScanURLs yes" I get Loaded 11256306
signatures
I would have expected the difference to be the count of urls in daily.
Hi
Can anybody explain why when "PhishingScanURLs no " I get Loaded
9042923 signatures in logs and when "PhishingScanURLs yes" I get Loaded
11256306 signatures
I would have expected the difference to be the count of urls in
daily.pdb (263) not 2,213,383. What else is not getting loaded
On 04/27/2010 10:40 PM, Kris Deugau wrote:
> *snort* ISP end-users running *nix? Well, maybe one or two out of
> ~50K...
Well python runs on Windows as well, and there is even something like
py2exe which embeds a python intepreter with the script.
But its probably too much hassle to get even s
Török Edwin wrote:
Are you sure it was a Heuristics.Phishing.*, or Phishing.Heuristics.*
detection?
It doesn't look at the subject line at all.
Pretty certain; I don't recall the username so it's a bit hard to check
back in the mail logs.
What does the "17-" at the end indicate?
It indic
On 04/27/2010 08:57 PM, Kris Deugau wrote:
> Török Edwin wrote:
>> On 04/22/2010 05:26 PM, Kris Deugau wrote:
>>> I've had reports of several FPs due to PhishingScanURLs recently - is
>>> there any way it can be made less aggressive rather than just turning it
>>> off outright?
>>
>> You could remo
Török Edwin wrote:
On 04/22/2010 05:26 PM, Kris Deugau wrote:
I've had reports of several FPs due to PhishingScanURLs recently - is
there any way it can be made less aggressive rather than just turning it
off outright?
You could remove domains from daily.pdb
I don't seem to have this as a se
On 04/22/2010 05:26 PM, Kris Deugau wrote:
> I've had reports of several FPs due to PhishingScanURLs recently - is
> there any way it can be made less aggressive rather than just turning it
> off outright?
You could remove domains from daily.pdb/whitelist all mails that contain
certain domains.
>
I've had reports of several FPs due to PhishingScanURLs recently - is
there any way it can be made less aggressive rather than just turning it
off outright?
The messages triggering it so far have been both outgoing and incoming
mail from our customers: forwarded copies of legitimate Amazon.ca
Roberto Ullfig wrote:
> PhishingScanURLs no
> while the default in 0.93.1 is yes
> What exactly does this test do?
It uses heuristics to attempt to detect Phishing scams. I don't believe
it actually follows the links as was suggested by another poster.
We keep PhishingScanURLs turned off for a
I believe it follows links in HTML to see if they are phishing scams or not.
On Tue, Jul 8, 2008 at 11:36 AM, Roberto Ullfig <[EMAIL PROTECTED]> wrote:
> I've been reviewing our clamav configuration and noticed that we have:
>
> PhishingScanURLs no
>
> while the default in 0.93.1 is yes
>
> What
I've been reviewing our clamav configuration and noticed that we have:
PhishingScanURLs no
while the default in 0.93.1 is yes
What exactly does this test do? How many of you have it turned on and off?
--
Roberto Ullfig - [EMAIL PROTECTED]
___
Help u
Tilman Schmidt wrote:
> Also, OpenOffice on Linux is normally run from a non-privileged user ID,
> heavily limiting the ability of any malicious macro to harm or propagate.
Huh? What difference does running as a non-privileged user make when
the method of infection is to spread via *documents*?
Le Mon 12/11/2007, Tilman Schmidt disait
> John Rudd schrieb:
> > Tilman Schmidt wrote:
> >
> >> (Remember the viruses ClamAV checks for
> >> are *Windows* viruses. A unixoid OS doesn't run ClamAV for its own
> >> protection but for the protection of Windows clients.)
> >
> > OpenOffice isn't vul
John Rudd schrieb:
> Tilman Schmidt wrote:
>
>> (Remember the viruses ClamAV checks for
>> are *Windows* viruses. A unixoid OS doesn't run ClamAV for its own
>> protection but for the protection of Windows clients.)
>
> OpenOffice isn't vulnerable to Office Macro viruses?
AFAIK, no. Kaspersky ha
Tilman Schmidt wrote:
> (Remember the viruses ClamAV checks for
> are *Windows* viruses. A unixoid OS doesn't run ClamAV for its own
> protection but for the protection of Windows clients.)
OpenOffice isn't vulnerable to Office Macro viruses?
(I honestly don't know, just asking)
Joe Clements schrieb:
> For what it is worth, Linux will only forge ahead in the market by
> improvements in 2 areas. One of them is security.
I think you are wrong there. Security doesn't improve market share.
Unixoid OSes have been much more secure than Windows since Windows was
born, and look
Daniel T. Staal wrote:
> On Tue, October 30, 2007 10:15 am, David F. Skoll said:
>
>> (Our customers, in fact, always run ClamAV in conjunction with an
>> anti-spam scanner, so it's no benefit to them to have Clam try to do
>> anti-spam.)
>
> I usually find it a detriment: ClamAV is nowhere _near
On October 29, 2007 06:53 pm Joe Clements wrote:
> For what it is worth, Linux will only forge ahead in the market by
> improvements in 2 areas. One of them is security. I would like to see
> 1 security suite which has the capability to deal with ALL threats.
> Windows security has to have an anti
On Tue, October 30, 2007 10:15 am, David F. Skoll said:
> (Our customers, in fact, always run ClamAV in conjunction with an
> anti-spam scanner, so it's no benefit to them to have Clam try to do
> anti-spam.)
I usually find it a detriment: ClamAV is nowhere _near_ as good at
distinguishing spam/
Graham Toal wrote:
> In fact with a decent string search algorithm (using a trie of
> strings) there should be very little extra overhead in adding more
> strings to be searched in parallel.
PhishingScanURLs does not use string matching. It uses regexes,
and in general regex matching is NP-hard
"David F. Skoll" <[EMAIL PROTECTED]> wrote:
> The philosophical one: Do heuristics like PhishingScanURLs belong in a
> virus scanner? I realize that once the engine is in place, it's
>tempting to add features, but I'm not convinced such things belong in
> a virus scanner. I think they are more in
John Rudd wrote:
> http://people.ucsc.edu/~jrudd/ClamAV/318642.mbox
> http://people.ucsc.edu/~jrudd/ClamAV/318715.mbox
Those scanned pretty quickly for me. I don't believe I'm seeing
really bad behaviour on any particular message; I just see way more
overhead on all messages.
On my customer's s
Steve Holdoway wrote:
> On Mon, 29 Oct 2007 19:25:14 -0700
> Dennis Peterson <[EMAIL PROTECTED]> wrote:
>> I don't see where Linux is unique in this regard. I also don't see why the
>> success of
>> Linux is particularly important vs BSD, Solaris, Windows, etc. But I suppose
>> that
>> discuss
Steve Holdoway wrote:
>> I don't see where Linux is unique in this regard. I also don't see why the
>> success of
>> Linux is particularly important vs BSD, Solaris, Windows, etc. But I suppose
>> that
>> discussion is for another forum.
>>
>
> I think the OP may beconsidering linux as a des
On Mon, 29 Oct 2007 19:25:14 -0700
Dennis Peterson <[EMAIL PROTECTED]> wrote:
> Joe Clements wrote:
>
> >> For what it is worth, Linux will only forge ahead in the market by
> >> improvements
> >> in 2 areas. One of them is security. I would like to see 1 security suite
> >> which
> >> has the
Joe Clements wrote:
>> For what it is worth, Linux will only forge ahead in the market by
>> improvements
>> in 2 areas. One of them is security. I would like to see 1 security suite
>> which
>> has the capability to deal with ALL threats. Windows security has to have an
>> anti virus, anti troj
On Monday 29 October 2007 18:07, Dennis Peterson wrote:
> John Rudd wrote:
> > John Rudd wrote:
> >> I can produce 2 examples of messages that cause the problem, in RFC822
> >> format, for anyone who wants to experiment with them.
> >
> > I decided I'd just go ahead and make them available:
> >
> >
David F. Skoll wrote:
> Hello,
>
> A client of ours had a bunch of machines whose CPUs were maxed out
> at 100% because of clam. Changing PhishingScanURLs to "no" from the
> default "yes" dropped the load average from 70+ to about 3, and the
> CPU usage from 100% to under 50%. This is under Linux
John Rudd wrote:
> John Rudd wrote:
>
>> I can produce 2 examples of messages that cause the problem, in RFC822
>> format, for anyone who wants to experiment with them.
>
> I decided I'd just go ahead and make them available:
>
> http://people.ucsc.edu/~jrudd/ClamAV/318642.mbox
>
> http://peop
David F. Skoll wrote:
> Hello,
>
> A client of ours had a bunch of machines whose CPUs were maxed out
> at 100% because of clam. Changing PhishingScanURLs to "no" from the
> default "yes" dropped the load average from 70+ to about 3, and the
> CPU usage from 100% to under 50%. This is under Linu
John Rudd wrote:
> I can produce 2 examples of messages that cause the problem, in RFC822
> format, for anyone who wants to experiment with them.
I decided I'd just go ahead and make them available:
http://people.ucsc.edu/~jrudd/ClamAV/318642.mbox
http://people.ucsc.edu/~jrudd/ClamAV/318715.mb
David F. Skoll wrote:
> Hello,
>
> A client of ours had a bunch of machines whose CPUs were maxed out
> at 100% because of clam. Changing PhishingScanURLs to "no" from the
> default "yes" dropped the load average from 70+ to about 3, and the
> CPU usage from 100% to under 50%. This is under Linu
Hello,
A client of ours had a bunch of machines whose CPUs were maxed out
at 100% because of clam. Changing PhishingScanURLs to "no" from the
default "yes" dropped the load average from 70+ to about 3, and the
CPU usage from 100% to under 50%. This is under Linux, so it's not
the broken Solaris
36 matches
Mail list logo
