edwintorok at gmail
Feb 13, 2012, 6:12 AM
Post #6 of 7
On 02/13/2012 04:01 PM, Matus UHLAR - fantomas wrote:
>> On Mon, Feb 13, 2012 at 12:15:02PM +0100, Matus UHLAR - fantomas wrote:
>>> What I need is to pass phishes sent to one particular address
>>> (abuse@, since we should know when our customers send phishes)
> On 13.02.12 13:45, Henri Salo wrote:
>> You might be looking for these arguments of clamscan. You can also control this in clamd.conf. Default is marked as "(*)".
> I am not looking for any currently existing arguments to clam(d)scan nor clamd. With them, the only possible way of checking for phishes etc is to scan twice - once with phishing signatures, once without them.
> This is not nice no matter if I call clamscan (which takes long to load the signature database), or clamd (would require 2 clamd processes running), or combination of these two.
Try --heuristic-scan-precedence=yes (similar clamd option exists too).
It will cause ClamAV to stop and report on the first Heuristics.* match it finds. Phishing is part of Heuristics.*
The default behaviour is 'no', so when it sees a Heuristics.* match it keeps scanning, and if malware is found, then that is reported instead of the Heuristics match.
The problem is that Heuristics.* is not only phishing, but some other stuff as well.
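One way to act on the verdict of a single scan run with `--heuristic-scan-precedence=yes` while keeping phishing apart from the other Heuristics.* detections (an added example, not part of the original post; the function names, the routing policy and the sample verdict lines are constructed, and it assumes phishing detections are reported under the `Heuristics.Phishing.` prefix):

```shell
#!/bin/sh
# Intended source of the verdict line (clamscan is not called here, so this runs offline):
#   clamscan --no-summary --heuristic-scan-precedence=yes "$msg"

# classify_verdict LINE -> phish | heuristic-other | malware | clean | error
classify_verdict() {
    result=${1##*: }    # text after the last ": ", since file names may contain colons
    case "$result" in
        Heuristics.Phishing.*" FOUND") echo phish ;;
        Heuristics.*" FOUND")          echo heuristic-other ;;
        *" FOUND")                     echo malware ;;
        OK)                            echo clean ;;
        *)                             echo error ;;
    esac
}

# route RECIPIENT LINE -> deliver | reject   (hypothetical policy for the abuse@ case)
route() {
    rcpt=$1
    case "$(classify_verdict "$2")" in
        clean) echo deliver ;;
        phish)
            # With precedence on, the scan stopped at the first heuristic match,
            # so this verdict says nothing about malware later in the message.
            case "$rcpt" in
                abuse@*) echo deliver ;;
                *)       echo reject ;;
            esac ;;
        *) echo reject ;;   # malware, non-phishing heuristics, scanner errors: fail closed
    esac
}

# Constructed sample verdict lines, one per case.
PHISH='/tmp/msg1.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND'
OTHER='/tmp/msg2.eml: Heuristics.Encrypted.Zip FOUND'
MALWARE='/tmp/msg3.eml: Eicar-Test-Signature FOUND'
CLEAN='/tmp/re: report.eml: OK'

for line in "$PHISH" "$OTHER" "$MALWARE" "$CLEAN"; do
    printf '%-16s abuse@=%s user@=%s\n' "$(classify_verdict "$line")" \
        "$(route abuse@example.org "$line")" "$(route user@example.org "$line")"
done
```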