On 9/16/06, Ian Castle <[EMAIL PROTECTED]> wrote:
> Török Edvin wrote:
> > Looking forward to your ideas, comments, results (and bug reports).
> I built this (probably wrongly ;-)

Tell me how you called ./configure and we'll see if it's correct.

> the other day, in order to test it on
> our repository of phishing emails (http://phishery.internetdefence.net)
> - are there any recommended signatures for use

Not (yet).

> - my understanding of the
> phishsigs_howto.pdf is that it still requires some form of signature in
> addition to the whitelist? Or does anyone have any sigs. they want testing?

Neither the domainlist (daily.pdb) nor the whitelist (daily.wdb) is "required".
If they are not found, they are simply not used. However you will
certainly want a .pdb file, otherwise you'll have many false
positives!
I've updated the documentation in the phishsigs_howto with some
examples on how to create those databases.
First you should start with a test using --phish-scan-alldomains, and
see how many phishes it catches. Then you need to create a list of
domains/urls (ebay,paypal,...) that are frequently the target of phishing.
Otherwise you'll have many false positives. Then test again with this
database you created,...
I see that you already have a list of phishing sites, if you have the
corresponding url they claim to link to, you can generate a .pdb file
out of that [it is recommended to do it manually, see below].
At first you might want to test it with some common sites, like
ebay/paypal, and don't care about the displayedURL in the .pdb file
(use .+ to match all displayedURLs).
Or you might just create a list of hosts in it (using H), listing
ebay,paypal,...
P.S.: please update from cvs, there have been some bugfixes.
Best regards,
Edwin
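
The false-positive point in the reply above, as an added example (not ClamAV code and not part of the original message): a simplified model of a displayed-versus-real link check, run once over every domain and once restricted to a list of frequently targeted hosts. The function names, the `PROTECTED` list and the sample HTML are constructed assumptions; the real .pdb/.wdb formats are described in phishsigs_howto.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, displayed text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def displayed_host(text):
    """Hostname the link text claims to be, or None if the text is not URL-like."""
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I):
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname.lower()

def on_list(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(html, protected=None):
    """protected=None models checking all domains; otherwise only links
    whose displayed host is on the protected list are compared."""
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, shown in parser.links:
        real, disp = (urlparse(href).hostname or "").lower(), displayed_host(shown)
        if not real or not disp or real == disp:
            continue  # no claim made in the link text, or the claim is honest
        if protected is not None and not on_list(disp, protected):
            continue  # mismatch on a domain nobody phishes: ignore
        hits.append((real, disp))
    return hits

# Constructed sample: one phish, one benign click-tracking link, two clean links.
SAMPLE = """
<a href="http://203.0.113.7/signin">www.paypal.com</a>
<a href="http://click.newsletter.example/r?id=1">www.shop.example</a>
<a href="http://www.paypal.com/help">www.paypal.com</a>
<a href="http://docs.example.org/">Read the docs</a>
"""
PROTECTED = ["paypal.com", "ebay.com"]  # assumed list of targeted hosts
```

Checking all domains flags both the phish and the newsletter's tracking redirect; restricting the check to `PROTECTED` leaves only the link that claims to be www.paypal.com.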