Posted: Fri Jul 30, 2010 8:44 am
Subject: Cannot get a single hit on ClamAV + Google Safe Browsing
Jonathan Bastien-Filia...

Hi,

I have recently enabled Google Safe Browsing on several of our servers
(we are a small spam filtering company). Many thousand mails go through
these servers each day. ClamAV shows that it now has many more
signatures (1464127+).

Not a single Google Safe Browsing hit was recorded in the ClamAV logs
over several days. My attempts to get a test URL to match have all
failed. The URL I am using for testing is
<http://malware.testing.google.test/testing/malware/>. This link, when
opened in Firefox warns that it is a malicious site. Mail scanning and
other relevant features are enabled.

I have attached the test email that does not match (but should).

ClamAV version:
ClamAV 0.96.1/11465/Fri Jul 30 07:43:50 2010

Enabled scanning features (as shown in clamd log):
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.

Phishing config in clamd.conf:
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false

SafeBrowsing yes (in freshclam.conf)

Thanks,
Jonathan




_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Posted: Fri Jul 30, 2010 8:47 am
Subject: Cannot get a single hit on ClamAV + Google Safe Browsing
Jonathan Bastien-Filia...

Jonathan Bastien-Filiatrault wrote:
Quote:
Hi,

I have recently enabled Google Safe Browsing on several of our servers
(we are a small spam filtering company). Many thousand mails go through
these servers each day. ClamAV shows that it now has many more
signatures (1464127+).

Not a single Google Safe Browsing hit was recorded in the ClamAV logs
over several days. My attempts to get a test URL to match have all
failed. The URL I am using for testing is
<http://malware.testing.google.test/testing/malware/>. This link, when
opened in Firefox warns that it is a malicious site. Mail scanning and
other relevant features are enabled.

I have attached the test email that does not match (but should).

Mailman ate the attachment, you may find the file here:
http://x2a.org/pub/misc/gsb.eml

Quote:

ClamAV version:
ClamAV 0.96.1/11465/Fri Jul 30 07:43:50 2010

Enabled scanning features (as shown in clamd log):
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.

Phishing config in clamd.conf:
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false

SafeBrowsing yes (in freshclam.conf)

Thanks,
Jonathan


Posted: Fri Jul 30, 2010 10:53 am
Subject: Cannot get a single hit on ClamAV + Google Safe Browsing
Török Edwin

On Fri, 30 Jul 2010 09:47:18 -0400
Jonathan Bastien-Filiatrault <joe@x2a.org> wrote:

Quote:
Jonathan Bastien-Filiatrault wrote:
Quote:
Hi,

I have recently enabled Google Safe Browsing on several of our
servers (we are a small spam filtering company). Many thousand
mails go through these servers each day. ClamAV shows that it now
has many more signatures (1464127+).

Not a single Google Safe Browsing hit was recorded in the ClamAV
logs over several days.

The safebrowsing code is definitely matching something, we had
bug reports from people asking why their URLs are in safebrowsing.cvd,
and our stats page shows it in the top 10 for the past 7 days:
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
2010-07-30 02:14
Count: 211041

Quote:
My attempts to get a test URL to match have all failed. The URL I am
using for testing is
<http://malware.testing.google.test/testing/malware/>. This link,
when opened in Firefox warns that it is a malicious site. Mail
scanning and other relevant features are enabled.

I have attached the test email that does not match (but should).

Mailman ate the attachment, you may find the file here:
http://x2a.org/pub/misc/gsb.eml

Is this a recent problem? Were you able to match this URL in the past?
Looks like the database doesn't contain that test URL.

Best regards,
--Edwin
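
Added example, not part of either poster's message or of ClamAV itself: a small checker that confirms the options named in this thread resolve to enabled and counts `Heuristics.Safebrowsing.*` detections in clamd log text. The option defaults, the `/tmp/msg-*` paths and the sample log lines are assumptions constructed for illustration; the signature name is the one quoted from the stats page above.

```python
import re
from collections import Counter

TRUE_VALUES = {"yes", "true", "1"}  # boolean spellings the config parser accepts
# Options named in the thread -> assumed default when the line is absent
# (assumption: 0.96-era defaults; confirm against your own man pages).
REQUIRED = {
    "clamd.conf": {"PhishingSignatures": "yes", "PhishingScanURLs": "yes"},
    "freshclam.conf": {"SafeBrowsing": "no"},
}
FOUND_RE = re.compile(r": (\S+) FOUND$")

def parse_conf(text):
    """Return {option: value} from 'Option value' lines; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1].strip()
    return opts

def disabled_options(confs):
    """List 'file:Option' for each required option that resolves to false."""
    off = []
    for fname, wanted in REQUIRED.items():
        opts = parse_conf(confs.get(fname, ""))
        for name, default in wanted.items():
            if opts.get(name, default).lower() not in TRUE_VALUES:
                off.append(f"{fname}:{name}")
    return off

def count_hits(log_text, prefix="Heuristics.Safebrowsing."):
    """Tally clamd 'FOUND' lines whose signature name starts with prefix."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FOUND_RE.search(line.rstrip())
        if m and m.group(1).startswith(prefix):
            hits[m.group(1)] += 1
    return hits

# Constructed sample input: config values as posted, log lines invented.
SAMPLE_CONFS = {
    "clamd.conf": "PhishingSignatures true\nPhishingScanURLs true\n",
    "freshclam.conf": "# updates\nSafeBrowsing yes\n",
}
SAMPLE_LOG = """\
Fri Jul 30 08:10:02 2010 -> /tmp/msg-0001: Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net FOUND
Fri Jul 30 08:10:05 2010 -> /tmp/msg-0002: Heuristics.Phishing.Email.SpoofedDomain FOUND
Fri Jul 30 08:10:09 2010 -> /tmp/msg-0003: OK
"""
```

An empty result from `disabled_options` together with zero hits over a large mail volume points away from configuration and toward the database contents, which is the direction the reply above takes.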