Thanks Alain.

> On Dec 12, 2018, at 10:17 AM, Alain Zidouemba <azidoue...@sourcefire.com> 
> wrote:
> 
> The PhishTank URLs being dropped from daily.cvd have nothing to do with false 
> positives. We are just rotating in and out the top phishing URLs based on 
> number of DNS lookups per hour.
> 
> - Alain
> 
> On Wed, Dec 12, 2018 at 6:23 AM Joel Esler (jesler) <jes...@cisco.com> wrote:
> Not sure.  Perhaps Alain can chime in.  My team also runs the PhishTank 
> project, so this is about making our different properties work together 
> through the official signature set in a supported way.  If false positives 
> are reported on the PhishTank sigs through ClamAV.net <http://clamav.net/>, 
> they are automatically routed to my team for resolution in the PhishTank feed 
> and in ClamAV.
> 
> Sent from my  iPhone
> 
> On Dec 12, 2018, at 03:59, Al Varnell <alvarn...@mac.com> wrote:
> 
>> You mentioned earlier that ClamAV has recently added signatures from 
>> PhishTank, but I've noticed over the last few days that most, if not all, of 
>> them have been removed. Should I conclude that the PhishTank organization 
>> signatures are resulting in a high False Positive count? Are they simply 
>> accepting all the submissions they get as valid phishing attempts and not 
>> QAing them before release?
>> 
>> Part of my interest is that I've been providing input to them for years 
>> after first establishing that the spam e-mail I received is from an address 
>> that doesn't match the purported notice of impending doom and offer to fix by 
>> clicking a link which does not match the announced domain. I'm not sure all 
>> users would go to such lengths and might be forwarding all their spam to 
>> these folks. Or perhaps some are flooding the site with valid URLs in an 
>> attempt to defeat their purpose.
>> 
>> -Al-
>> 
>> On Tue, Dec 11, 2018 at 08:01 PM, Micah Snyder (micasnyd) wrote:
>>> Hi Sunny,
>>> 
>>> I meant to say that if I scanned a saved email file containing the 
>>> malicious URL in an HTML link (i.e. <a href=link>), then it will detect 
>>> the link with the safebrowsing signature.  However, if the malicious URL is 
>>> not an HTML link, for example if the email content is plain text, then the 
>>> safebrowsing signature does not appear to alert.
>>> 
>>> Regards,
>>> Micah
>>>  
>>> Micah Snyder
>>> ClamAV Development
>>> Talos
>>> Cisco Systems, Inc.
>>> 
>>> 
>>>> On Dec 11, 2018, at 8:58 AM, Sunny Marwah <sunnymar...@trepup.com> wrote:
>>>> 
>>>> Hi Al,
>>>> 
>>>> Thanks for sharing that reply.
>>>> 
>>>> Do you mean ClamAV did not detect that file (containing deceptive link) as 
>>>> 'Infected' in your scanning?
>>>> 
>>>> FYI, I have also tried Google's Safebrowsing API to check such deceptive 
>>>> links.
>>>> 
>>>> It was really strange to know that even Google's Safebrowsing lookup API 
>>>> did not detect that file as 'Unsafe'. The reason behind this is that the 
>>>> deceptive link is a phishing link but not malware.
>>>> 
>>>> So Google's Safebrowsing lookup API will identify only Malware links as 
>>>> 'Unsafe' but not all deceptive links. However, when I check the same URL 
>>>> on "https://transparencyreport.google.com/safe-browsing/search", then it 
>>>> shows 'site is unsafe', which is what I am actually looking for.
>>>> 
>>>> Regards
>>>> Sunny
>>>> 
>>>> On Tue, Dec 11, 2018 at 5:28 PM Al Varnell <alvarn...@mac.com> wrote:
>>>> Here was the earlier reply to your question
>>>> <http://lists.clamav.net/pipermail/clamav-users/2018-December/007245.html>.
>>>> 
>>>> Sent from my iPad
>>>> 
>>>> -Al-
>>>> 
>>>> On Dec 10, 2018, at 21:46, Sunny Marwah <sunnymar...@trepup.com> wrote:
>>>>> Same question again: Chrome doesn't open malicious links due to labeling 
>>>>> them dangerous as per "Safebrowsing". Then why is ClamAV not able to 
>>>>> identify such malicious links when the "Safebrowsing" option is already 
>>>>> enabled?
>>>>> 
>>>>>> On Sat, Dec 8, 2018 at 9:00 PM Micah Snyder (micasnyd) 
>>>>>> <micas...@cisco.com> wrote:
>>>>> Our replies may be getting filtered by your email provider because you 
>>>>> included a malicious link in the email chain. :D  I removed the link from 
>>>>> this reply. 
>>>>> 
>>>>>  
>>>>> Micah Snyder
>>>>> ClamAV Development
>>>>> Talos
>>>>> Cisco Systems, Inc.
>>>>> 
>>>>> 
>>>>>> On Dec 8, 2018, at 9:17 AM, Sunny Marwah <sunnymar...@trepup.com> wrote:
>>>>>> 
>>>>>> 
>>>>>> Still no reply on this matter. 
>>>> 
>>>> 
>>>> -- 
>>>> Regards
>>>> Sunny
>>>> System Engineer
>>>> Mob : +91 9711155549
>>>> 
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users 
>>>> <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>
>>>> 
>>>> 
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq 
>>>> <https://github.com/vrtadmin/clamav-faq>
>>>> 
>>>> http://www.clamav.net/contact.html#ml 
>>>> <http://www.clamav.net/contact.html#ml>
>>> 
>> 
>> -Al-
>> -- 
>> Al Varnell
>> Mountain View, CA