Rename Phishing.Email.* to Phishing.Heuristics.Email.*. Update documentation.

The URL-based heuristic detection is for "Possibly Unwanted" phishing emails. git-svn: trunk@3120
18 years ago · 3fced6f7b0
parent 097eaef235
commit 3fced6f7b0
5 changed files with 16 additions and 10 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Wed Jun 28 14:36:00 CEST 2007 (edwin)
+----------------------------------
+  * libclamav/phishcheck.c, docs/man: Rename Phishing.Email.* to
+  Phishing.Heuristics.Email.*. Update documentation. The URL-based heuristic
+  detection is for "Possibly Unwanted" phishing emails.
+
 Wed Jun 27 13:59:33 BST 2007 (njh)
 ----------------------------------
  libclamav/mbox.c:	Bug #538
--- a/docs/man/clamd.conf.5.in
+++ b/docs/man/clamd.conf.5.in
@ -246,7 +246,7 @@ With this option enabled ClamAV will try to detect phishing attempts by using si
 Default: yes
 .TP
 \fBPhishingScanURLs BOOL\fR
-Scan URLs found in mails for phishing attempts.
+Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.*
 .br
 Default: yes
 .TP
--- a/docs/man/clamscan.1.in
+++ b/docs/man/clamscan.1.in
@ -76,10 +76,10 @@ Disable scanning of mail files.
 Disable signature-based phishing detection.
 .TP 
 \fB\-\-no\-phishing\-scan\-urls\fR
-Disable url-based phishing detection.
+Disable url-based heuristic phishing detection. This disables Phishing.Heuristics.Email.*
 .TP
 \fB\-\-no\-phishing\-restrictedscan\fR
-Enable phishing detection for all domains (might lead to false positives!).
+Enable url-based heuristic phishing detection for all domains (might lead to false positives!).
 .TP
 \fB\-\-phishing\-ssl\fR
 Always block SSL mismatches in URLs (might lead to false positives!).
--- a/etc/clamd.conf
+++ b/etc/clamd.conf
@ -230,7 +230,7 @@ LocalSocket /tmp/clamd.socket
 # Default: yes
 #PhishingSignatures yes

-# Scan URLs found in mails for phishing attempts.
+# Scan URLs found in mails for phishing attempts using heuristics.
 # Default: yes
 #PhishingScanURLs yes

--- a/libclamav/phishcheck.c
+++ b/libclamav/phishcheck.c
@ -823,24 +823,24 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs)
 						continue;
 /*						break;*/
 					case CL_PHISH_HEX_URL:
-						*ctx->virname="Phishing.Email.HexURL";
+						*ctx->virname="Phishing.Heuristics.Email.HexURL";
 						return found_possibly_unwanted(ctx);
 /*						break;*/
 					case CL_PHISH_NUMERIC_IP:
-						*ctx->virname="Phishing.Email.Cloaked.NumericIP";
+						*ctx->virname="Phishing.Heuristics.Email.Cloaked.NumericIP";
 						return found_possibly_unwanted(ctx);
 					case CL_PHISH_CLOAKED_NULL:
-						*ctx->virname="Phishing.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/
+						*ctx->virname="Phishing.Heuristics.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/
 						return found_possibly_unwanted(ctx);
 					case CL_PHISH_SSL_SPOOF:
-						*ctx->virname="Phishing.Email.SSL-Spoof";
+						*ctx->virname="Phishing.Heuristics.Email.SSL-Spoof";
 						return found_possibly_unwanted(ctx);
 					case CL_PHISH_CLOAKED_UIU:
-						*ctx->virname="Phishing.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/
+						*ctx->virname="Phishing.Heuristics.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/
 						return found_possibly_unwanted(ctx);
 					case CL_PHISH_NOMATCH:
 					default:
-						*ctx->virname="Phishing.Email";
+						*ctx->virname="Phishing.Heuristics.Email.SpoofedDomain";
 						return found_possibly_unwanted(ctx);
 				}
 		}