|The Safebrowsing signatures consist of web sites that have been rated as "bad." They are prepared from another party, but ClamAV is making them available for ClamAV users who have configured their copy of ClamAV to use them. They are not available for ClamWin users. They would not do much good, as ClamWin is not a real-time AV.
So it has the hashes for the HTML, JS, etc. files belonging to these Web sites, and in order to work it'd have to scan browser cache files (or by doing "File->Save Page As" on these bad sites)? Browsers have their own phishing lists anyway, so I'd imagine real-time scanning of the cache files would be pointless, wouldn't it?
I have other security-related software (including MSSE) running realtime, with ClamWin set to scan memory hourly (the scan is set to an empty dummy folder with "Scan Programs Loaded In Computer Memory" checked).
I'd imagine doing this would only cover, e.g., firefox.exe right?
|You can get similar protection from the ClamAV Hosts file from Malware Patrol. You download it and replace your Windows Hosts file in the System32 folder with it
For years I've been using Spybot S&D's "Immunize" feature for the hosts file (it also modifies browser settings with the same blacklist). I also use Firefox's Adblock Plus (with more blacklists and ABP's new sleazelist hacked off
) I've found this combination to be very effective.
As for MalwarePatrol's signatures, recently I installed Win7 and didn't know that the ClamSup page was permanently down, e-mailed SaneSecurity about it and they said the owner disappeared and let the site expire. Until I hack something up I've just been downloading their signatures manually once a day.