On Wed, 27 Sep 2006, 18:59 GMT+03 Török Edvin wrote:

> On 9/27/06, Robert Allerstorfer wrote:
>> The output of 'clamscan -h' included
>>     --no-phishing                        Disable phishing detection
>>     --no-phishing-scan-urls              Disable url-based phishing detection

> --no-phishing means to disable detecting phishing based on signatures
> from main.cvd/daily.cvd
> --no-phishing-scan-urls means to disable the new phishing code (url-based)

Yes, thanks, I just think the -h output should make that clear, also. Is
it true that all names of found "viruses" by the code that can be
disabled by '--no-phishing' begin with "HTML.Phishing.", while those
found by the new url-based phishing code begin with "Phishing.Email."?
I need this for my antivirus-filter where I have all positive mails
deleted. Now, I want to add url-based phishing detection using
'--phish-scan-alldomains' but move, instead of delete, those mails
identified as "infected", to manually check for false positives.

I have now tested another phishing mail using your new code (with the
'--phish-scan-alldomains' option) which did not get detected. The
--debug output showed that the phishing code was not even applied
(since there are no entries beginning with 'PH:' as in the output
where phishing has been found):

[...]
LibClamAV debug: Exported 15276 bytes using enctype 1
LibClamAV debug: fileblobDestroy: mixedtextportion
LibClamAV debug: Now read in part 0
LibClamAV debug: Empty part
LibClamAV debug: The message has 1 parts
LibClamAV debug: Find out the multipart type (alternative)
LibClamAV debug: Multipart alternative handler
LibClamAV debug: Mixed message with 1 parts
LibClamAV debug: Mixed message part 0 is of type 0
LibClamAV debug: No mime headers found in multipart part 0
LibClamAV debug: No plain text alternative
LibClamAV debug: Adding to non mime-part
LibClamAV debug: cli_mbox returning 0
LibClamAV debug: Matched signature for file type HTML data at 330
LibClamAV debug: in cli_scanhtml()
LibClamAV debug: mmap'ed file
D:\Mails\spam\PHISH_ebay.mbox: OK

If I should provide somebody with that file please let me know.

Thanks
rob.



_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
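
Added example, not part of the original post and not ClamAV code: a sketch of the filter routing the post describes, which moves url-based detections aside for review, deletes other positives, and checks whether a --debug run contains any 'PH:' entries. The two name prefixes are the ones the poster asks about and are not confirmed on this page; the action names, the sample signature names and the exact position of 'PH:' within a debug line are assumptions.

```python
import re

# Prefixes from the question in the post; the thread does not confirm them here.
URL_BASED_PREFIX = "Phishing.Email."   # new url-based code (assumed)
SIGNATURE_PREFIX = "HTML.Phishing."    # main.cvd/daily.cvd signatures (assumed)

DEBUG_TAG = "LibClamAV debug: "
# clamscan prints one result line per file: "<path>: <name> FOUND" or "<path>: OK".
RESULT_RE = re.compile(r"^(?P<path>.+): (?:(?P<name>\S+) FOUND|OK)$")


def classify(line):
    """Return (path, action) for a clamscan result line, or None for other lines."""
    line = line.rstrip("\r\n")
    if line.startswith(DEBUG_TAG):
        return None
    m = RESULT_RE.match(line)
    if m is None:
        return None
    name = m.group("name")
    if name is None:
        return m.group("path"), "deliver"
    if name.startswith(URL_BASED_PREFIX):
        return m.group("path"), "quarantine"  # moved, then checked by hand
    return m.group("path"), "delete"          # every other positive


def plan(output):
    """Map each scanned path in clamscan output to its action."""
    return dict(r for r in map(classify, output.splitlines()) if r)


def phishing_code_ran(debug_output):
    """True if any debug message starts with 'PH:' (assumed placement)."""
    for line in debug_output.splitlines():
        if line.startswith(DEBUG_TAG) and line[len(DEBUG_TAG):].startswith("PH:"):
            return True
    return False


# Constructed sample: two debug lines and the result line quoted in the post,
# plus two result lines with made-up signature names.
SAMPLE = "\n".join([
    "LibClamAV debug: Matched signature for file type HTML data at 330",
    "LibClamAV debug: in cli_scanhtml()",
    "D:\\Mails\\spam\\PHISH_ebay.mbox: OK",
    "/var/mail/a.mbox: Phishing.Email.Example FOUND",
    "/var/mail/b.mbox: HTML.Phishing.Example-1 FOUND",
])
```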
