Hi guys,
I need a bit of help in understanding why ClamAV finds phishing URLs in the
very very legitimate emails.
I have got some customers complaining that some emails from normal retail
shops (newsletters) are marked as phising. Also multiple customers having
issues with receiving emails from A
On Tue, September 23, 2014 12:44 pm, Thorvald Hallvardsson wrote:
> Anyone would like to point me into the right direction and help me out
> with the problems I'm having ?
Report as an FPs here:
http://cgi.clamav.net/sendvirus.cgi
ClamAV team will need to add hosts to the daily.wdb database to
Hi Steve,
Thank you for your answer. If I would like to build my own database (I have
read PDF but I don't understand really how it works) what would be the
syntax for it ?
H:youraccount.mbna.co.uk:mbna.co.uk ??
Regards.
On 23 September 2014 13:08, Steve Basford
wrote:
>
> On Tue, September 2
Thorvald,
ClamAV's Phishing heuristics checks the link URL versus the URL listed in
the link text. Here is a simple example:
text
If the text is formatted like a URL and it is different from the href link,
then it will be flagged as a phishing attempt. I don't know offhand how
different the
Hi Shaun,
Thank you for your reply. Just for a bit of clarification would actually
clamav catch this bit as a phishing:
http://www.bankofamerica.co.uk/amazon";>http://youraccount.m=bna.co.uk/imgproxy/img/647707065/az_main_logo.png";
width=3D"280" height=3D"=
103" border=3D"0" style=3D"display:blo
Have you tried to query what process is locking the log file?
It is possible that multiple freshclam instances are running at the same
time, especially if an instance of freshclam is running as a daemon.
On Linux, you can use a command such as "lsof | grep freshclam.log" to
identify what process
Better, I think, is to start with what processes can lock the log file.
Logrotate being one such. It is a small matter to disable this and wait and see.
dp
On 9/23/14 8:50 AM, Kevin Lin wrote:
Have you tried to query what process is locking the log file?
It is possible that multiple freshclam
Yes, that would trigger it.
Shaun
On Tue, Sep 23, 2014 at 11:16 AM, Thorvald Hallvardsson <
thorvald.hallvards...@gmail.com> wrote:
> Hi Shaun,
>
> Thank you for your reply. Just for a bit of clarification would actually
> clamav catch this bit as a phishing:
>
> http://www.bankofamerica.co.uk/a
> On Sep 23, 2014, at 5:29 AM, Thorvald Hallvardsson
> wrote:
>
> If I would like to build my own database (I have
> read PDF but I don't understand really how it works) what would be the
> syntax for it ?
>
> H:youraccount.mbna.co.uk:mbna.co.uk ??
You can obviously do whatever you want for a
