Hello Micah & Team, Have not received any response on my last email.
Also, i have enabled Safebrowsing option in freshclam.conf as suggested by you. Still i can see that ClamAV is not working properly. There is one file placed on server and there is one phishing URL available in that file. That URL is so deceptive that Chrome is not letting us open that URL due to labeling it as "Deceptive" URL. Why ClamAV is still not able to find that file as "Infected" in scanning even after enabling "Safebrowsing" option ?? Waiting for your quick and needful response. Regards Sunny On Thu, Dec 6, 2018 at 4:41 PM Sunny Marwah <sunnymar...@trepup.com> wrote: > Hi Micah, > > Thanks for letting me know about enabling SafeBrowsing CVD option in > ClamAV. > > Google safe browsing put a website in 3 categories mentioned below : > 1 Secure > 2 Info or Not secure > 3 Not secure or Dangerous > > Curious to know how ClamAV will categorize the HTML file. Let's say, if > any "Note secure or Dangerous" URL is found, will ClamAV will show it as > infected file in scanning summary ? If this is the case, i guess in case > "Secure" URL is found, it will show as OK. And what if URL is found as > "Info or Not secure" ? > > Regards > Sunny > > > On Thu, Dec 6, 2018 at 3:19 PM Micah Snyder (micasnyd) <micas...@cisco.com> > wrote: > >> It may be worth mentioning that in addition to the [optional] >> SafeBrowsing CVD that you can choose to include, ClamAV has just started >> including PhishTank signatures late last month. >> >> For those who curious, see https://lists.gt.net/clamav/virusdb/. >> PhishTank signatures are prefixed with Phishtank.Phishing. >> >> >> Micah Snyder >> ClamAV Development >> Talos >> Cisco Systems, Inc. >> >> >> On Dec 6, 2018, at 3:27 AM, Al Varnell <alvarn...@mac.com> wrote: >> >> Frankly, I'm surprised that ClamAV finds any such URL's. They are way to >> dynamic (blacklisted one day and removed the next). ClamAV does malware >> detection over the long haul and trying to keep up with fraudulent web >> sites would be a full time job and better done by other means (e.g. Google >> Safe Browsing). >> >> -Al- >> >> On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote: >> >> Hello Team, >> >> We are using clamav-0.100.2 to scan few HTML email templates. >> >> Sometimes, there are deceptive URL's mentioned in those templates and >> that template should be detected as infected via ClamAV scan process. >> >> I can see weird output of ClamAV scan process. Sometimes it detect such >> templates as infected and sometimes, it does not detect them as infected. >> And the URL's i am talking about, are so deceptive that even Google chrome >> browser don't let us open these URL's and show us clear warning as >> "Dangerous" about deceptive website. >> >> Can you put your views behind such unpredictable behavior ? >> >> If you want then i can report such URL's on your malware link for >> reporting. >> >> Regards >> Sunny >> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> >> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > > > -- > Regards > Sunny > System Engineer > Mob : +91 9711155549 > > -- Regards Sunny System Engineer Mob : +91 9711155549
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
