@@ -1,3 +1,8 @@

+Thu Apr  2 23:50:36 EEST 2009 (edwin)

+-------------------------------------

+ * contrib/phishing/gdbwhitelist.sh, libclamav/phishcheck.c: add

+ script to whitelist gdb entries (bb #1482).

+

 Thu Apr  2 23:35:36 EEST 2009 (edwin)

 -------------------------------------

  * docs/phishsigs_howto.tex, libclamav/phishcheck.c,

new file mode 100755

@@ -0,0 +1,8 @@

+#!/bin/sh

+if test $# -ne 1; then

+    echo "Usage: $0 /path/to/sample\n";

+    exit 1;

+fi

+

+clamscan  --debug $1 >/dev/null 2>debugout

+grep "This hash matched" debugout | sed -e 's/.*matched: \(.*\)/S:W:\1/'

@@ -1205,6 +1205,7 @@ static int hash_match(const struct regex_matcher *rlist, const char *host, size_

 		    return CL_SUCCESS;

 	    }

 	    if (cli_bm_scanbuff(sha256_dig, 32, &virname, &rlist->sha256_hashes,0,0,-1) == CL_VIRUS) {

+		cli_dbgmsg("This hash matched: %s\n", h);

 		switch(*virname) {

 		    case 'W':

 			cli_dbgmsg("Hash is whitelisted, skipping\n");