Re: [clamav-users] submitting phish samples - stripped

2018-02-12 Thread Kees Theunissen
On Mon, 12 Feb 2018, Joel Esler (jesler) wrote:

>Generally speaking, it's better for us to have as much detail as possible.
>Samples that you submit through the website (either one) are not shared
>with partners (unless you check the "share with partners" checkbox)

Hi Joel,

In a previous message in this thread you wrote:

>Phish can also be sent in to
>phishtank.com (also a project run by my team) which
>allows community voting on phish to produce a blacklist for users to use.

Can you explain how you organized this "community voting" without
sharing the submitted phish samples with the/some "community"?


Regards,

Kees Theunissen.

-- 
Kees Theunissen,  System and network manager,   Tel: +31 (0)40-3334724
Dutch Institute For Fundamental Energy Research (DIFFER)
email address:c.j.theunis...@differ.nl
postal address:   PO Box 6336, 5600 HH, Eindhoven, the Netherlands
visitors address: De Zaale 20, 5612 AJ, Eindhoven, the Netherlands

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] submitting phish samples - stripped

2018-02-12 Thread Joel Esler (jesler)
Generally speaking, it's better for us to have as much detail as possible.  
Samples that you submit through the website (either one) are not shared with 
partners (unless you check the "share with partners" checkbox)


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Feb 11, 2018, at 7:16 AM, Matus UHLAR - fantomas wrote:

On Feb 8, 2018, at 3:52 AM, Matus UHLAR - fantomas wrote:
when submitting phish samples, should I use the same form as for malware?
(https://www.clamav.net/reports/malware)
some time ago it contained selection list whether it's malware, phish, false
positive.
Now the page contains forms for malware and false positives - no phishes.

I hope phishes are still to be detected :)

side question: is it fine to strip sample of an e-mail of private data like
recipient mail address, Received: headers etc?

On 08.02.18 18:54, Joel Esler (jesler) wrote:
So, there's two things you can do here, I think.  Phish can be submitted to
ClamAV in the same way you submit malware.  Phish can also be sent in to
phishtank.com (also a project run by my team) which
allows community voting on phish to produce a blacklist for users to use.

so, phish samples to clamav, URLs to phishtank.com.

what about stripping private information, like recipients and Received:
headers - is that fine?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.


Re: [clamav-users] submitting phish samples - stripped

2018-02-11 Thread Matus UHLAR - fantomas

On Feb 8, 2018, at 3:52 AM, Matus UHLAR - fantomas wrote:
when submitting phish samples, should I use the same form as for malware?
(https://www.clamav.net/reports/malware)
some time ago it contained selection list whether it's malware, phish, false
positive.
Now the page contains forms for malware and false positives - no phishes.

I hope phishes are still to be detected :)

side question: is it fine to strip sample of an e-mail of private data like
recipient mail address, Received: headers etc?


On 08.02.18 18:54, Joel Esler (jesler) wrote:

So, there's two things you can do here, I think.  Phish can be submitted to
ClamAV in the same way you submit malware.  Phish can also be sent in to
phishtank.com (also a project run by my team) which
allows community voting on phish to produce a blacklist for users to use.


so, phish samples to clamav, URLs to phishtank.com.

what about stripping private information, like recipients and Received:
headers - is that fine?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.


Re: [clamav-users] submitting phish samples - stripped

2018-02-08 Thread Joel Esler (jesler)
So, there's two things you can do here, I think.  Phish can be submitted to 
ClamAV in the same way you submit malware.  Phish can also be sent in to 
phishtank.com (also a project run by my team) which
allows community voting on phish to produce a blacklist for users to use.


--
Joel Esler | Talos: Manager | jes...@cisco.com






On Feb 8, 2018, at 3:52 AM, Matus UHLAR - fantomas wrote:

Hello,

when submitting phish samples, should I use the same form as for malware?
(https://www.clamav.net/reports/malware)
some time ago it contained selection list whether it's malware, phish, false
positive.
Now the page contains forms for malware and false positives - no phishes.

I hope phishes are still to be detected :)

side question: is it fine to strip sample of an e-mail of private data like
recipient mail address, Received: headers etc?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton