[clamav-users] No False Positive Detected (Heuristics)
Al Varnell
alvarnell at mac.com
Tue Oct 28 09:07:15 UTC 2014
By definition there cannot be false positives for anything detected by heuristics since the engine only looks for suspiciously formatted messages.
I don’t use it, but the blacklist information would appear to be coming with the optional information provided by Google SafeBrowsing. I don’t see why it’s being flagged at this time, but it has been blacklisted 13 times over the past 90 days, serving malicious software according to:
<http://www.google.com/safebrowsing/diagnostic?site=gasparinifrigoriferi.it>
-Al-
--
Al Varnell
Mountain View, CA
> On Oct 27, 2014, at 10:43 AM, Alessandro Vesely <vesely at tana.it> wrote:
>
> Hi,
>
> I submitted a sample email which was blocked with
> Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
>
> However, the site rejected the submission saying it detects no false
> positive in it. I'm running Debian, that is 0.98.4, and databases
> are up to date... See below for the hash match.
>
> The blacklisted web site belongs to sellers of refrigerators for bars and
> coffee shops. The mail was addressed to their suppliers. Their web
> site seems to be being refurbished; does blacklisting imply it was used
> for phishing? I found nothing in PhishTank about it.
>
> Does ClamAV host or refer to some other phishing repository? I'd
> guess there is a repository, otherwise I wonder how the blacklist can
> be maintained, but maybe it's not publicly accessible or I just
> didn't find it. Can someone shed some light on this?
>
>
> Here's the hash match:
> LibClamAV debug: Phishcheck:Checking url http://www.gasparinifrigoriferi.it->
> LibClamAV debug: Looking up hash 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76 for gasparinifrigoriferi.it/(24)(0)
> LibClamAV debug: This hash matched: 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76
> LibClamAV debug: Hash matched for: http://www.gasparinifrigoriferi.it
> LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted
>
>
> Ciao
> Ale
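
Added example, not part of either message and not ClamAV code: a small triage parser for the Phishcheck debug lines quoted above, reporting which looked-up expression produced the blacklist hit. The names (`triage`, `SAMPLE`), the `host(len)path(len)` reading of the lookup line, and the SHA-256 recomputation are assumptions inferred from the log itself.

```python
import hashlib
import re

# Debug lines copied from the message above, mail-quoting prefix removed.
SAMPLE = """\
LibClamAV debug: Phishcheck:Checking url http://www.gasparinifrigoriferi.it->
LibClamAV debug: Looking up hash 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76 for gasparinifrigoriferi.it/(24)(0)
LibClamAV debug: This hash matched: 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76
LibClamAV debug: Hash matched for: http://www.gasparinifrigoriferi.it
LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted
"""

HEX = r"([0-9A-Fa-f]{64})"
CHECK = re.compile(r"Phishcheck:\s*Checking url (\S+?)->")
# Assumed field layout, inferred from the log: <host>(<len>)<path>(<len>)
LOOKUP = re.compile(r"Looking up hash " + HEX + r" for (\S*?)\((\d+)\)(\S*?)\((\d+)\)\s*$")
MATCHED = re.compile(r"This hash matched: " + HEX)
RESULT = re.compile(r"Phishing scan result: (\S+)")

def triage(log):
    """Return one record per checked URL: looked-up expressions, hits, verdict."""
    findings, cur = [], None
    for raw in log.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw)  # accept lines pasted from a quoted mail
        m = CHECK.search(line)
        if m:
            cur = {"url": m.group(1), "lookups": {}, "matched": [], "result": None}
            findings.append(cur)
            continue
        if cur is None:
            continue
        m = LOOKUP.search(line)
        if m:
            digest, host, hlen, path, plen = m.groups()
            expr = host + path
            cur["lookups"][digest.upper()] = {
                "expression": expr,
                "lengths_ok": (len(host), len(path)) == (int(hlen), int(plen)),
                # Assumption: the logged value is SHA-256 over the expression bytes.
                "sha256_ok": hashlib.sha256(expr.encode()).hexdigest().upper() == digest.upper(),
            }
            continue
        m = MATCHED.search(line)
        if m:
            cur["matched"].append(dict(cur["lookups"].get(m.group(1).upper(), {}), hash=m.group(1).upper()))
        m = RESULT.search(line)
        if m:
            cur["result"] = m.group(1)
    return findings
```

For this log the hit resolves to the bare-domain expression `gasparinifrigoriferi.it/`, so the blacklist entry covers the whole site rather than one page of it.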