Browse code
Rename Phishing.Email.* to Phishing.Heuristics.Email.*. Update documentation. The URL-based heuristic detection is for "Possibly Unwanted" phishing emails.
| ... | ... |
@@ -1,3 +1,9 @@ |
| 1 |
+Wed Jun 28 14:36:00 CEST 2007 (edwin) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav/phishcheck.c, docs/man: Rename Phishing.Email.* to |
|
| 4 |
+ Phishing.Heuristics.Email.*. Update documentation. The URL-based heuristic |
|
| 5 |
+ detection is for "Possibly Unwanted" phishing emails. |
|
| 6 |
+ |
|
| 1 | 7 |
Wed Jun 27 13:59:33 BST 2007 (njh) |
| 2 | 8 |
---------------------------------- |
| 3 | 9 |
libclamav/mbox.c: Bug #538 |
| ... | ... |
@@ -246,7 +246,7 @@ With this option enabled ClamAV will try to detect phishing attempts by using si |
| 246 | 246 |
Default: yes |
| 247 | 247 |
.TP |
| 248 | 248 |
\fBPhishingScanURLs BOOL\fR |
| 249 |
-Scan URLs found in mails for phishing attempts. |
|
| 249 |
+Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.* |
|
| 250 | 250 |
.br |
| 251 | 251 |
Default: yes |
| 252 | 252 |
.TP |
| ... | ... |
@@ -76,10 +76,10 @@ Disable scanning of mail files. |
| 76 | 76 |
Disable signature-based phishing detection. |
| 77 | 77 |
.TP |
| 78 | 78 |
\fB\-\-no\-phishing\-scan\-urls\fR |
| 79 |
-Disable url-based phishing detection. |
|
| 79 |
+Disable url-based heuristic phishing detection. This disables Phishing.Heuristics.Email.* |
|
| 80 | 80 |
.TP |
| 81 | 81 |
\fB\-\-no\-phishing\-restrictedscan\fR |
| 82 |
-Enable phishing detection for all domains (might lead to false positives!). |
|
| 82 |
+Enable url-based heuristic phishing detection for all domains (might lead to false positives!). |
|
| 83 | 83 |
.TP |
| 84 | 84 |
\fB\-\-phishing\-ssl\fR |
| 85 | 85 |
Always block SSL mismatches in URLs (might lead to false positives!). |
| ... | ... |
@@ -230,7 +230,7 @@ LocalSocket /tmp/clamd.socket |
| 230 | 230 |
# Default: yes |
| 231 | 231 |
#PhishingSignatures yes |
| 232 | 232 |
|
| 233 |
-# Scan URLs found in mails for phishing attempts. |
|
| 233 |
+# Scan URLs found in mails for phishing attempts using heuristics. |
|
| 234 | 234 |
# Default: yes |
| 235 | 235 |
#PhishingScanURLs yes |
| 236 | 236 |
|
| ... | ... |
@@ -823,24 +823,24 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs) |
| 823 | 823 |
continue; |
| 824 | 824 |
/* break;*/ |
| 825 | 825 |
case CL_PHISH_HEX_URL: |
| 826 |
- *ctx->virname="Phishing.Email.HexURL"; |
|
| 826 |
+ *ctx->virname="Phishing.Heuristics.Email.HexURL"; |
|
| 827 | 827 |
return found_possibly_unwanted(ctx); |
| 828 | 828 |
/* break;*/ |
| 829 | 829 |
case CL_PHISH_NUMERIC_IP: |
| 830 |
- *ctx->virname="Phishing.Email.Cloaked.NumericIP"; |
|
| 830 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.NumericIP"; |
|
| 831 | 831 |
return found_possibly_unwanted(ctx); |
| 832 | 832 |
case CL_PHISH_CLOAKED_NULL: |
| 833 |
- *ctx->virname="Phishing.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/ |
|
| 833 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/ |
|
| 834 | 834 |
return found_possibly_unwanted(ctx); |
| 835 | 835 |
case CL_PHISH_SSL_SPOOF: |
| 836 |
- *ctx->virname="Phishing.Email.SSL-Spoof"; |
|
| 836 |
+ *ctx->virname="Phishing.Heuristics.Email.SSL-Spoof"; |
|
| 837 | 837 |
return found_possibly_unwanted(ctx); |
| 838 | 838 |
case CL_PHISH_CLOAKED_UIU: |
| 839 |
- *ctx->virname="Phishing.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/ |
|
| 839 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/ |
|
| 840 | 840 |
return found_possibly_unwanted(ctx); |
| 841 | 841 |
case CL_PHISH_NOMATCH: |
| 842 | 842 |
default: |
| 843 |
- *ctx->virname="Phishing.Email"; |
|
| 843 |
+ *ctx->virname="Phishing.Heuristics.Email.SpoofedDomain"; |
|
| 844 | 844 |
return found_possibly_unwanted(ctx); |
| 845 | 845 |
} |
| 846 | 846 |
} |