git-svn: trunk@3120
Török Edvin authored on 2007/06/28 21:36:25... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Wed Jun 28 14:36:00 CEST 2007 (edwin) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/phishcheck.c, docs/man: Rename Phishing.Email.* to |
|
4 |
+ Phishing.Heuristics.Email.*. Update documentation. The URL-based heuristic |
|
5 |
+ detection is for "Possibly Unwanted" phishing emails. |
|
6 |
+ |
|
1 | 7 |
Wed Jun 27 13:59:33 BST 2007 (njh) |
2 | 8 |
---------------------------------- |
3 | 9 |
libclamav/mbox.c: Bug #538 |
... | ... |
@@ -246,7 +246,7 @@ With this option enabled ClamAV will try to detect phishing attempts by using si |
246 | 246 |
Default: yes |
247 | 247 |
.TP |
248 | 248 |
\fBPhishingScanURLs BOOL\fR |
249 |
-Scan URLs found in mails for phishing attempts. |
|
249 |
+Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.* |
|
250 | 250 |
.br |
251 | 251 |
Default: yes |
252 | 252 |
.TP |
... | ... |
@@ -76,10 +76,10 @@ Disable scanning of mail files. |
76 | 76 |
Disable signature-based phishing detection. |
77 | 77 |
.TP |
78 | 78 |
\fB\-\-no\-phishing\-scan\-urls\fR |
79 |
-Disable url-based phishing detection. |
|
79 |
+Disable url-based heuristic phishing detection. This disables Phishing.Heuristics.Email.* |
|
80 | 80 |
.TP |
81 | 81 |
\fB\-\-no\-phishing\-restrictedscan\fR |
82 |
-Enable phishing detection for all domains (might lead to false positives!). |
|
82 |
+Enable url-based heuristic phishing detection for all domains (might lead to false positives!). |
|
83 | 83 |
.TP |
84 | 84 |
\fB\-\-phishing\-ssl\fR |
85 | 85 |
Always block SSL mismatches in URLs (might lead to false positives!). |
... | ... |
@@ -230,7 +230,7 @@ LocalSocket /tmp/clamd.socket |
230 | 230 |
# Default: yes |
231 | 231 |
#PhishingSignatures yes |
232 | 232 |
|
233 |
-# Scan URLs found in mails for phishing attempts. |
|
233 |
+# Scan URLs found in mails for phishing attempts using heuristics. |
|
234 | 234 |
# Default: yes |
235 | 235 |
#PhishingScanURLs yes |
236 | 236 |
|
... | ... |
@@ -823,24 +823,24 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs) |
823 | 823 |
continue; |
824 | 824 |
/* break;*/ |
825 | 825 |
case CL_PHISH_HEX_URL: |
826 |
- *ctx->virname="Phishing.Email.HexURL"; |
|
826 |
+ *ctx->virname="Phishing.Heuristics.Email.HexURL"; |
|
827 | 827 |
return found_possibly_unwanted(ctx); |
828 | 828 |
/* break;*/ |
829 | 829 |
case CL_PHISH_NUMERIC_IP: |
830 |
- *ctx->virname="Phishing.Email.Cloaked.NumericIP"; |
|
830 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.NumericIP"; |
|
831 | 831 |
return found_possibly_unwanted(ctx); |
832 | 832 |
case CL_PHISH_CLOAKED_NULL: |
833 |
- *ctx->virname="Phishing.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/ |
|
833 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/ |
|
834 | 834 |
return found_possibly_unwanted(ctx); |
835 | 835 |
case CL_PHISH_SSL_SPOOF: |
836 |
- *ctx->virname="Phishing.Email.SSL-Spoof"; |
|
836 |
+ *ctx->virname="Phishing.Heuristics.Email.SSL-Spoof"; |
|
837 | 837 |
return found_possibly_unwanted(ctx); |
838 | 838 |
case CL_PHISH_CLOAKED_UIU: |
839 |
- *ctx->virname="Phishing.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/ |
|
839 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/ |
|
840 | 840 |
return found_possibly_unwanted(ctx); |
841 | 841 |
case CL_PHISH_NOMATCH: |
842 | 842 |
default: |
843 |
- *ctx->virname="Phishing.Email"; |
|
843 |
+ *ctx->virname="Phishing.Heuristics.Email.SpoofedDomain"; |
|
844 | 844 |
return found_possibly_unwanted(ctx); |
845 | 845 |
} |
846 | 846 |
} |