At 02:49 PM 8/27/2007, John W. Baxter wrote: >We're seeing > 1. Mail from Yahoo groups (or some mail from Yahoo groups) being marked >as Phishing (for URL reasons) > 2. Same for a Seattle Times mailing list. > 3. Same for a Democracy in Action mailing. > 4. Customer (unwise, usually) forwarding of messages with URLs being >marked as Phishing although they came in unscathed.
Please submit samples to the clamav team so the FPs can be resolved. >We're about to install emergency code which will initially ignore all >Phishing "hits", but is written so we can be more selective. (It can ignore >any particular hit--tested with EICAR.) That sounds as if it may be generally useful. >Should the following settings have the effect of disabling any detection >regarding Phishing? (Actually, I don't think the signature-based phishing >detection is causing our problems.) > ># Scan urls found in mails for phishing attempts. ># (available in experimental builds only) ># Default: yes >#PhishingScanURLs yes >PhishingScanURLs no Setting "PhishingScanURLs no" definitely works on my FreeBSD system. Note if you are using clamscan you need to use the "--no-phishing-scan-urls" command line option. does the command # clamconf | grep Phish show the expected settings? Does the command # clamconf | grep conf show the expected path names? When you test some file manually with clamscan and/or clamdscan does it work as expected? Unfortunately, clamd doesn't seem to log (all) options on startup, so the log isn't terribly useful this time. -- Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html