Enabling Google Safe Browsing in ClamAV

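I am trying to enable Google Safe Browsing anti-phishing/malware filtering on my mail server using ClamAV. I enabled it in freshclam.conf and got a brand-new safebrowsing.cld file in my datadir. But when I run a scan via clamscan or clamdscan, it does not detect bad links. I tested with http://malware.testing.google.test/testing/malware/, which is a sample malware URL provided by Google that makes my Firefox scream, and I also tested with some other bad URLs.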

Is SafeBrowsing support still available and working in the current ClamAV engine? Do I have to enable some special feature in the config file?

Thanks for your help!

Here is some debug information about my test case:

main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12620, sigs: 35178, f-level: 58, builder: ccordes)
safebrowsing.cld is up to date (version: 27036, sigs: 544427, f-level: 58, builder: google)
bytecode.cld is up to date (version: 123, sigs: 29, f-level: 58, builder: edwin)

root@b /var/lib/clamav # ls -al
total 94920
drwxr-xr-x  2 clamav clamav     4096 2011-02-03 10:34 .
drwxr-xr-x 39 root   root       4096 2010-11-30 01:22 ..
-rw-r--r--  1 clamav clamav   437248 2011-01-23 15:25 bytecode.cld
-rw-r--r--  1 clamav clamav  2311680 2011-02-03 07:25 daily.cld
-rw-r--r--  1 clamav clamav 65422336 2010-11-14 18:40 main.cld
-rw-------  1 clamav clamav      988 2011-02-03 10:34 mirrors.dat
-rw-r--r--  1 clamav clamav 28894720 2011-02-03 09:59 safebrowsing.cld

root@b /var/lib/clamav # clamscan /tmp/malware-test.eml
/tmp/malware-test.eml: OK

----------- SCAN SUMMARY -----------
Known viruses: 1424589
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 2.739 sec (0 m 2 s)

#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
StreamMaxLength 10M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true

Answer 1

I contacted the ClamAV team, and it is a bug in their code.

https://bugzilla.clamav.net/show_bug.cgi?id=2514
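
Added example (not part of the original question or answer): a small checker for the configuration preconditions the question asks about, so a misconfiguration can be ruled out before suspecting the engine. It assumes the freshclam.conf option is named `SafeBrowsing` (off by default) and that `PhishingSignatures` and `PhishingScanURLs` default to on; the freshclam.conf sample is constructed, since the question does not show that file.

```python
"""Check the configuration preconditions for Safe Browsing detection in ClamAV."""

# Constructed sample inputs: the clamd.conf lines are taken from the question,
# the freshclam.conf lines are assumed (the question does not show that file).
CLAMD_CONF = """\
DatabaseDirectory /var/lib/clamav
PhishingSignatures true
PhishingScanURLs true
"""
FRESHCLAM_CONF = """\
DatabaseDirectory /var/lib/clamav
SafeBrowsing yes
"""
DB_FILES = ["bytecode.cld", "daily.cld", "main.cld", "mirrors.dat", "safebrowsing.cld"]


def parse_conf(text):
    """Parse 'Option value' lines, skipping blank lines and # comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def is_on(opts, key, default):
    """ClamAV accepts yes/true/1 as boolean true; an unset option uses its default."""
    value = opts.get(key)
    return default if value is None else value.lower() in ("yes", "true", "1")


def check_safebrowsing(clamd_text, freshclam_text, db_files):
    """Return a list of configuration problems; an empty list means none were found."""
    clamd, fresh = parse_conf(clamd_text), parse_conf(freshclam_text)
    problems = []
    if not is_on(fresh, "SafeBrowsing", default=False):
        problems.append("freshclam.conf: SafeBrowsing is not enabled")
    if not {"safebrowsing.cld", "safebrowsing.cvd"} & set(db_files):
        problems.append("no safebrowsing database in the database directory")
    for key in ("PhishingSignatures", "PhishingScanURLs"):
        if not is_on(clamd, key, default=True):
            problems.append(f"clamd.conf: {key} is disabled")
    dirs = (clamd.get("DatabaseDirectory"), fresh.get("DatabaseDirectory"))
    if all(dirs) and dirs[0] != dirs[1]:
        problems.append("clamd and freshclam use different DatabaseDirectory values")
    return problems


if __name__ == "__main__":
    print(check_safebrowsing(CLAMD_CONF, FRESHCLAM_CONF, DB_FILES) or "no configuration problems found")
```

clamscan does not read clamd.conf, so the two Phishing* checks apply to clamd and clamdscan. An empty result on a setup like the one in the question is consistent with the answer's conclusion that the cause was in the engine rather than the configuration.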
