edwintorok at gmail
Oct 2, 2008, 12:16 PM
Post #2 of 3
(654 views)
Permalink
|
|
Re: Removal of clamscan's "--no-phishing-restrictedscan" option
[In reply to]
|
|
On 2008-10-02 10:25, Robert Allerstorfer wrote:
> Hi,
>
> clamscan 0.94 is the first version after 0.9 where the
> "--no-phishing-restrictedscan" option is no more mentioned in the
> output of 'clamscan -h'. However, that option has in fact been removed
> earlier - at least in the 0.93.x versions that option just did nothing
> when specified.
>
> So now, there are only the options "--phishing-ssl" and
> "--phishing-cloak" remaining if someone wants a higher detection rate
> of *possible* phishings. However, using them did not make any
> difference in my tests as without them. Edwin's mbox test file from
> https://wwws.clamav.net/bugzilla/attachment.cgi?id=141
> will always be detected as Phishing.Heuristics.Email.SpoofedDomain, no
> matter which options are set or not.
>
> Could someone please give any sample that demonstrates the
> --phishing-* options?
>
Indeed, --phishing-ssl and --phishing-cloak should work even if the host
is not in the .pdb and
display the proper name.
I fixed this is in SVN r4220, and will be part of 0.94.1 (bug #1211).
You can have a look at these files, and scan it with a .pdb containing a
'H:example.com' line:
http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-clean
http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-cloak
http://svn.clamav.net/svn/clamav-devel/trunk/unit_tests/input/phish-test-ssl
I've added these to the unit test too (check_clamscan.sh).
Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
|
