[clamav-users] No False Positive Detected (Heuristics)

Alessandro Vesely vesely at tana.it
Mon Oct 27 13:43:23 EDT 2014


Hi,

I submitted a sample email which was blocked with
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net

However, the site rejected the submission saying it detects no false
positive in it.  I'm running Debian, that is 0.98.4, and databases
are up to date...  See below for the hash match.

The blacklisted web site belongs to sellers of refrigerators for bars
and coffee shops.  The mail was addressed to their suppliers.  Their
web site seems to be being refurbished; does blacklisting imply it was
used for phishing?  I found nothing in PhishTank about it.

Does ClamAV host or refer to some other phishing repository?  I'd
guess there is a repository, otherwise I wonder how the blacklist can
be maintained, but maybe it's not publicly accessible or I just
didn't find it.  Can someone shed some light on this?


Here's the hash match:
LibClamAV debug: Phishcheck:Checking url http://www.gasparinifrigoriferi.it->
LibClamAV debug: Looking up hash 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76 for gasparinifrigoriferi.it/(24)(0)
LibClamAV debug: This hash matched: 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76
LibClamAV debug: Hash matched for: http://www.gasparinifrigoriferi.it
LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted


Ciao
Ale


