[Clamav-devel] Increase in FP for Heuristics.Phishing.Email

Mark Allan markjallan at gmail.com
Fri Jul 17 20:59:21 EDT 2015


I'm seeing an increase in instances of false positive reports for emails marked as phishing. In particular Heuristics.Phishing.Email.SpoofedDomain.

This is typically showing up in genuine PayPal or eBay emails but I've also seen it with genuine emails from credit card suppliers.

These never used to trigger warnings so I'm wondering if something has changed recently?


More information about the clamav-devel mailing list