If you won't provide the URL to the rest of us users, then we can't help you. You'll have to wait to see if the development team gets back to you.
-Al- On Fri, Dec 07, 2018 at 04:10 AM, Sunny Marwah wrote: > Hi Al Varnell, > > I have already gone through https://www.clamav.net/documents/safebrowsing > <https://www.clamav.net/documents/safebrowsing>. > > That URL i have already shared with one of ClamAV development team members > > I did not understand your point what you said --- "You will probably need to > obfuscate it in order to get it through the mail system, something like > httx://....". > > My purpose behind using ClamAV is to scan Linux server and plus HTML > templates which we regularly receive on server. > > And the reason behind using "Safebrowing" option is to detect deceptive, > Phishing URL's in HTML templates in the same way as Chrome warns us before > opening such URL's. I want ClamAV to detect such files as "Infected" which > contain deceptive, Phishing URL's. > > Waiting for your quick and needful response. > > Regards > Sunny > > On Fri, Dec 7, 2018 at 5:22 PM Al Varnell <alvarn...@mac.com > <mailto:alvarn...@mac.com>> wrote: > Have your read the explanation at > <https://www.clamav.net/documents/safebrowsing > <https://www.clamav.net/documents/safebrowsing>>? > > Please provide the phishing URL that is failing. You will probably need to > obfuscate it in order to get it through the mail system, something like > httx://.... > > -Al- > > On Fri, Dec 07, 2018 at 03:17 AM, Sunny Marwah wrote: >> Hello Micah & Team, >> >> Have not received any response on my last email. >> >> Also, i have enabled Safebrowsing option in freshclam.conf as suggested by >> you. >> >> Still i can see that ClamAV is not working properly. There is one file >> placed on server and there is one phishing URL available in that file. That >> URL is so deceptive that Chrome is not letting us open that URL due to >> labeling it as "Deceptive" URL. >> >> Why ClamAV is still not able to find that file as "Infected" in scanning >> even after enabling "Safebrowsing" option ?? >> >> Waiting for your quick and needful response. >> >> Regards >> Sunny >> >> On Thu, Dec 6, 2018 at 4:41 PM Sunny Marwah <sunnymar...@trepup.com >> <mailto:sunnymar...@trepup.com>> wrote: >> Hi Micah, >> >> Thanks for letting me know about enabling SafeBrowsing CVD option in ClamAV. >> >> Google safe browsing put a website in 3 categories mentioned below : >> 1 Secure >> 2 Info or Not secure >> 3 Not secure or Dangerous >> >> Curious to know how ClamAV will categorize the HTML file. Let's say, if any >> "Note secure or Dangerous" URL is found, will ClamAV will show it as >> infected file in scanning summary ? If this is the case, i guess in case >> "Secure" URL is found, it will show as OK. And what if URL is found as "Info >> or Not secure" ? >> >> Regards >> Sunny >> >> >> On Thu, Dec 6, 2018 at 3:19 PM Micah Snyder (micasnyd) <micas...@cisco.com >> <mailto:micas...@cisco.com>> wrote: >> It may be worth mentioning that in addition to the [optional] SafeBrowsing >> CVD that you can choose to include, ClamAV has just started including >> PhishTank signatures late last month. >> >> For those who curious, see https://lists.gt.net/clamav/virusdb/ >> <https://lists.gt.net/clamav/virusdb/>. PhishTank signatures are prefixed >> with Phishtank.Phishing. >> >> >> Micah Snyder >> ClamAV Development >> Talos >> Cisco Systems, Inc. >> >> >>> On Dec 6, 2018, at 3:27 AM, Al Varnell <alvarn...@mac.com >>> <mailto:alvarn...@mac.com>> wrote: >>> >>> Frankly, I'm surprised that ClamAV finds any such URL's. They are way to >>> dynamic (blacklisted one day and removed the next). ClamAV does malware >>> detection over the long haul and trying to keep up with fraudulent web >>> sites would be a full time job and better done by other means (e.g. Google >>> Safe Browsing). >>> >>> -Al- >>> >>> On Wed, Dec 05, 2018 at 11:33 PM, Sunny Marwah wrote: >>>> Hello Team, >>>> >>>> We are using clamav-0.100.2 to scan few HTML email templates. >>>> >>>> Sometimes, there are deceptive URL's mentioned in those templates and that >>>> template should be detected as infected via ClamAV scan process. >>>> >>>> I can see weird output of ClamAV scan process. Sometimes it detect such >>>> templates as infected and sometimes, it does not detect them as infected. >>>> And the URL's i am talking about, are so deceptive that even Google chrome >>>> browser don't let us open these URL's and show us clear warning as >>>> "Dangerous" about deceptive website. >>>> >>>> Can you put your views behind such unpredictable behavior ? >>>> >>>> If you want then i can report such URL's on your malware link for >>>> reporting. >>>> >>>> Regards >>>> Sunny >>> _______________________________________________ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users> >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> <https://github.com/vrtadmin/clamav-faq> >>> >>> http://www.clamav.net/contact.html#ml >>> <http://www.clamav.net/contact.html#ml> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users> >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> <https://github.com/vrtadmin/clamav-faq> >> >> http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml> >> >> >> -- >> Regards >> Sunny >> System Engineer >> Mob : +91 9711155549 > > -Al- > -- > Al Varnell > Mountain View, CA > > > > > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users> > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > <https://github.com/vrtadmin/clamav-faq> > > http://www.clamav.net/contact.html#ml <http://www.clamav.net/contact.html#ml> -Al- -- Al Varnell Mountain View, CA
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
