s/--no-phishing-restrictedscan/--phishing-restrictedscan/

Hi,

now clamscan's option to enable phishing detection for all domains is
called "--no-phishing-restrictedscan", previously known as
"--phishing-strict-url-check", previously known as
"--phish-scan-alldomains". I think before releasing 0.9 final it needs
yet another renaming, since it does not seem to make any sense to let
it be a "--no-phishing-*" option, just like --no-phishing-sigs or
--no-phishing-scan-urls.

clamscan -h | grep "\--no-phishing-.*"
    --no-phishing-sigs                   Disable signature-based phishing detection
    --no-phishing-scan-urls              Disable url-based phishing detection
    --no-phishing-restrictedscan         Enable phishing detection for all domains (might lead to false positives!)

BTW, will we have the phishing-scan-urls feature in final 0.9 per
default, ie. without requiring the --enable-experimental configure
argument?

best,
rob.
--

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html

Re: speed up 'cli_bm_scanbuff()'

On Wed, 10 Jan 2007 22:30:40 +0100
"Christophe Jaillet" <christophe.jaillet <at> wanadoo.fr> wrote:

> II/ Idea of implementation :
> ==========================
> 2.1) define a macro and macroize the code (AVOID_BM_SHIFT ???) everywhere
> needed
> 
> 2.2) add test like : if (BM_MIN_LENGTH == BM_BLOCK_SIZE) ... where needed
> and let the compiler determine dead code and optimize it away
> 
> 2.3) add a new inlined function (int cli_can_avoid_bm_shift() ???) that
> perform this test
> 
> 2.4) any other idea ?
> 
> 
> Personally, I think that 2.3 is the best approach.

Hi Christophe,

2.2 looks best to me.

Sorry for the late answer.

--

-- 
   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Fri Feb  9 00:53:57 CET 2007

Phishcheck module in clamscan 0.90rc3

Hi,

I have compared clamscan's url-based phishing options of 0.90rc3 with
those of 0.90rc2, and as a result, some things are no longer clear to
me:

(1) Has the "Phishing.Email.HexURL" type been dropped in rc3?

What has been detected as "Phishing.Email.HexURL" in rc2, will now be
detected as just "Phishing.Email":

clamscan-0.90rc2 20061007-042145.696587_Html.mbox
20061007-042145.696587_Html.mbox: Phishing.Email.HexURL FOUND

clamscan-0.90rc3 20061007-042145.696587_Html.mbox
20061007-042145.696587_Html.mbox: Phishing.Email FOUND

(2) The "--phishing-cloak" option does not seem to work:

clamscan-0.90rc3 --phishing-cloak 20061004-110140.185616_Html.mbox
20061004-110140.185616_Html.mbox: OK

However:
clamscan-0.90rc3 --no-phishing-restrictedscan 20061004-110140.185616_Html.mbox
20061004-110140.185616_Html.mbox: Phishing.Email.Cloaked.NumericIP FOUND

(3) It seems that the "--phishing-ssl" and "--phishing-cloak" options
are always activated when "--no-phishing-restrictedscan" is given, right?

(4) Do you really want to keep the "no-" within

Fw: Phishcheck module in clamscan 0.90rc3

Begin forwarded message:

Date: Sat, 10 Feb 2007 20:52:01 +0200
From: Török Edwin <edwin <at> clamav.net>
To: Tomasz Kojm <tkojm <at> clamav.net>
Subject: Re: Fw: [Clamav-devel] Phishcheck module in clamscan 0.90rc3

Tomasz Kojm wrote:
> Hi Edwin,
> 
> could you have a look at this, thanks.

Sorry for the delay, see below for reply. Please forward reply.

> 
> I have compared clamscan's url-based phishing options of 0.90rc3 with
> those of 0.90rc2, and as a result, some things are no longer clear to
> me:

Looks like I should document the phishingmodule better, at least on the
wiki.
I'll try to do that in the next few days.

> 
> (1) Has the "Phishing.Email.HexURL" type been dropped in rc3?

Not dropped. Its handling changed with images.

> 

Using clamd with --exclude or --include settings

Hi,

Is there a reason for clamd not supporting the include, exclude and  
exclude-dir options?  I've tried adding them as switches to clamdscan  
but I get a message back saying:
	WARNING: Ignoring option --exclude: please edit clamd.conf instead

So I then tried editing clamd.conf but can see no option for include/ 
exclude (other than clamuko which can't be used).  Simply adding  
"exclude PATTERN" to clamd.conf doesn't work either as I then get the  
following error when I launch clamd:
	ERROR: Parse error at line 6: Unknown option exclude.
	ERROR: Can't parse the configuration file.

Have I missed something or does the option just not exist for clamd/ 
clamdscan?  I'd rather not have to use the standalone clamscan if I  
can help it, especially since v0.90 added support for MP.

Many thanks

Mark
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html

DB format different in new version of clamav????

hi to everybody
and sorry by my english

well this is my problem

i had a port of the libclamav for windows
i make this port myself using the realease 0.87

and to last week i was using the virus DB fine

but two days ago i have downloaded the new updated db man.cvd and
daily.cvdfor the site
and i replace the old db that was in my files

well the situation is that THE NEW DB NOT WORK

i mean i have more than 128 malisiuos files and my port with the new db dont
work , what is the differente from the old db (two weeks ago) to the new one
(to days ago)????
why now dont recognize no one , and las week it was working very well

i opened my project to do some changes and modifications
it have a shell integration and a permanent monitor (almost realtime i mean
like others (service installed))

and i founded that dont recognize NOTHING i thinked

SHIT what happen now ???? where i broke the code now????
i spend more than 2 hours searching where was the problem
and there is no problem

Warning building 0.90 on FreeBSD 6-STABLE

I recently updated clamav to 0.90 on FreeBSD ports and was notified
about these warnings:

unrar/unrar.c:1560: warning: integer constant is too large for "long" type
unrar/unrar.c:1561: warning: integer constant is too large for "long" type

does anybody know how can I fix it?

Thanks in advance?
--

-- 
Renato Botelho
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html

freshclam looping

Hi,

stepped into an infinite loop on freshclam when there's no permissions
for daily.inc and daily.inc/*.

I know the permissions are an install problem but it may happen and the
loop is a major CPU chewer:

root       232  0.0  0.0  1928  652 ?        S     2006   0:46 /usr/sbin/cron
root      4915  0.0  0.0  2040  724 ?        S    13:44   0:00  \_ /USR/SBIN/CRON
qscand    4916 73.9  0.0  2892  848 ?        R    13:44 421:12      \_ /ptmail/av/bin/freshclam
root      4918  0.0  0.0  1524  300 ?        S    13:44   0:00      \_ bin/qmail-inject -a -- root
qmailq    4922  0.0  0.0  1488  288 ?        S    13:44   0:00          \_ bin/qmail-queue

Attached is a patch for shared/misc.c that fixes this (haven't tested
it though) and a strace dump of the looping process.

Best regards.

--

-- 
Jose Celestino
----------------------------------------------------------------
http://www.msversus.org/     ; http://techp.org/petition/show/1
http://www.vinc17.org/noswpat.en.html
----------------------------------------------------------------
"And on the trillionth day, Man created Gods." -- Thomas D. Pate

--- shared/misc-orig.c	2007-02-11 00:35:22.000000000 +0000
+++ shared/misc.c	2007-02-17 01:12:57.000000000 +0000

Re: Warning building 0.90 on FreeBSD 6-STABLE

On 2/16/07, Renato Botelho <rbgarga <at> gmail.com> wrote:
> I recently updated clamav to 0.90 on FreeBSD ports and was notified
> about these warnings:
>
> unrar/unrar.c:1560: warning: integer constant is too large for "long" type
> unrar/unrar.c:1561: warning: integer constant is too large for "long" type

I fixed it on FreeBSD using the attached patch. I don't know if it's a
problem on other SOs

Thanks
--

-- 
Renato Botelho

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Some programs stop building with clamav-0.90

After I upgraded clamav to 0.90 on FreeBSD ports, some other programs
stop building. Here are them:

squidclam:

cc -I/usr/local/include -L/usr/local/lib -O2 -fno-strict-aliasing
-lbz2 -lclamav -lcrypto -lcurl -lgmp -liconv -lidn -lssl -lz -pipe
-rpath=/usr/local/lib  -s -o squidclam squidclam.c
/var/tmp//ccM5lyd6.o(.text+0x8ce): In function `main':
: undefined reference to `cl_perror'
gmake: *** [all] Error 1

I changed cl_perror to cl_strerror, is it correct?

----------------------------------------------

havp:

c++ -O2 -fno-strict-aliasing -pipe  -O2 -I/usr/local/include -O2
-fno-strict-aliasing -pipe -Wall -DNOMAND -DUSECLAMLIB -c -o
scanners/clamlibscanner.o scanners/clamlibscanner.cpp
scanners/clamlibscanner.cpp: In member function `virtual bool
ClamLibScanner::InitDatabase()':
scanners/clamlibscanner.cpp:32: error: `cl_loaddbdir' was not declared
in this scope
scanners/clamlibscanner.cpp:32: warning: unused variable 'cl_loaddbdir'
scanners/clamlibscanner.cpp: In member function `virtual bool
ClamLibScanner::ReloadDatabase()':
scanners/clamlibscanner.cpp:68: error: `cl_loaddbdir' was not declared
in this scope