PATCH SweepViruses.pm - clamavmodule false positives

Gareth list-mailscanner at linguaphone.com
Mon Aug 6 14:30:34 IST 2007


Attached is a patch for SweepViruses.pm which fixes the false positives
issue with Phishing.Heuristics.Email.SpoofedDomain when using
Clamavmodule and the full message scan option.

It passes the CL_SCAN_PHISHING_DOMAINLIST option which according to the
clamavmodule source :-
=item CL_SCAN_PHISHING_DOMAINLIST
Phishing module: restrict URL scanning to domains from .pdf
(RECOMMENDED).

I believe that as this option was not previously set it is equivalent to
the following clamscan option :-
       --no-phishing-restrictedscan
       Enable url-based heuristic phishing detection for all domains
(might lead to false positives!).

Personally I think CL_SCAN_PHISHING_DOMAINLIST should do the same as
--no-phishing-restrictedscan and not be the inverse of it. Maybe a bug.
I will contact the author about it anyway.

I don't really know what this option does exactly but it is a recommended
setting, its name seems to indicate it is related to the false positives
I was getting, and setting it does seem to have cured the problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SweepViruses.pm.patch
Type: text/x-patch
Size: 176 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070806/9f8eea98/SweepViruses.pm.bin

