On Tue, 30 Nov 2010 17:46:49 +0800
Tony Zhai <tonyzhai@gmail.com> wrote:
> I have three questions about Heuristic Scan in ClamAV.
> 1. What type of file will be scanned as a Heuristic scan?
All engine detections (as opposed to signature-based) are prefixed with
Heuristics.
> 2. How can I configure the Heuristic function with enable or disable?
Depends on category, you can enable/disable these in clamd.conf:
ArchiveBlockEncrypted:
  Heuristics.Encrypted.RAR
  Heuristics.Encrypted.Zip
OLE2BlockMacros:
  Heuristics.OLE2.ContainsMacros
PhishingScanURLs:
  Heuristics.Phishing.Email
  Heuristics.Phishing.Email.Cloaked.Null
  Heuristics.Phishing.Email.Cloaked.NumericIP
  Heuristics.Phishing.Email.Cloaked.Username
  Heuristics.Phishing.Email.SpoofedDomain
  Heuristics.Phishing.Email.SSL-Spoof
  Heuristics.Phishing.URL.Blacklisted
SafeBrowsing (freshclam.conf):
  Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
  Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
StructuredDataDetection:
  Heuristics.Structured.CreditCardNumber
  Heuristics.Structured.SSN
AlgorithmicDetection:
  Heuristics.Exploit.W32.MS04-028
  Heuristics.Exploit.W32.MS05-002
  Heuristics.PDF.ObfuscatedNameObject
  Heuristics.Trojan.Swizzor.Gen
  Heuristics.W32.Kriz
  Heuristics.W32.Magistr.A
  Heuristics.W32.Magistr.A.dam
  Heuristics.W32.Magistr.B
  Heuristics.W32.Magistr.B.dam
  Heuristics.W32.Parite.B
  Heuristics.W32.Polipos.A
  Heuristics.Worm.Mydoom.M.log
> 3. How can I get some files that can test the Heuristic function?
Depends on category again. For Heuristics.Encrypted.RAR you can create
an encrypted file yourself. Which one do you want to test?
Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
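Added example, not part of the message above or of ClamAV's code: a Python triage helper that reads scanner output, separates engine (Heuristics.) detections from signature-based ones, and reports which option from the list above controls each hit and how a given config file sets it. Assumptions: output lines have the form `path: Name FOUND`, each listed detection name is generalized to its prefix, the function names are hypothetical, and the sample config and scan output are constructed.

```python
import re

# Detection-name prefix -> controlling option, transcribed from the message above.
# Assumption: each listed name is generalized to the prefix shown here.
PREFIX_TO_OPTION = [
    ("Heuristics.Encrypted.", "ArchiveBlockEncrypted"),
    ("Heuristics.OLE2.", "OLE2BlockMacros"),
    ("Heuristics.Phishing.", "PhishingScanURLs"),
    ("Heuristics.Safebrowsing.", "SafeBrowsing"),  # set in freshclam.conf
    ("Heuristics.Structured.", "StructuredDataDetection"),
] + [(p, "AlgorithmicDetection") for p in (
    "Heuristics.Exploit.", "Heuristics.PDF.", "Heuristics.Trojan.",
    "Heuristics.W32.", "Heuristics.Worm.")]
FOUND_RE = re.compile(r"^(?P<path>.*): (?P<name>\S+) FOUND$")

def parse_conf(text):
    """Parse 'Option value' lines, skipping blanks and # comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1].strip().lower()
    return opts

def controlling_option(name):
    """None for signature-based names, 'unknown' for unlisted Heuristics names."""
    if not name.startswith("Heuristics."):
        return None
    return next((o for p, o in PREFIX_TO_OPTION if name.startswith(p)), "unknown")

def classify(scan_output, conf):
    """Return (path, detection, option, setting-in-conf) for every FOUND line."""
    rows = []
    for line in scan_output.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            opt = controlling_option(m["name"])
            known = opt not in (None, "unknown")
            rows.append((m["path"], m["name"], opt,
                         conf.get(opt, "unset") if known else None))
    return rows

# Constructed sample data, for illustration only.
SAMPLE_CONF = "# clamd.conf excerpt\nArchiveBlockEncrypted yes\nPhishingScanURLs yes\n"
SAMPLE_SCAN = """/tmp/a.rar: Heuristics.Encrypted.RAR FOUND
/tmp/mail.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND
/tmp/eicar.com: Eicar-Test-Signature FOUND
/tmp/card.txt: Heuristics.Structured.CreditCardNumber FOUND
/tmp/clean.txt: OK"""

if __name__ == "__main__":
    for row in classify(SAMPLE_SCAN, parse_conf(SAMPLE_CONF)):
        print(row)
```

A setting of "unset" means the option does not appear in the parsed file, so whatever default the installed version uses applies.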