[clamav-users] No False Positive Detected (Heuristics)
alvarnell at mac.com
Tue Oct 28 05:07:15 EDT 2014
By definition there cannot be false positives for anything detected by heuristics since the engine only looks for suspiciously formatted messages.
I don’t use it, but the blacklist information would appear to be coming with the optional information provided by Google SafeBrowsing. I don’t see why it’s being flagged at this time, but it has been blacklisted 13 times over the past 90 days, serving malicious software according to:
Mountain View, CA
> On Oct 27, 2014, at 10:43 AM, Alessandro Vesely <vesely at tana.it> wrote:
> I submitted a sample email which was blocked with
> However, the site rejected the submission saying it detects no false
> positive in it. I'm running Debian, that is 0.98.4, and databases
> are up to date... See below for the hash match.
> The blacklisted web site are sellers of refrigerators for bars and
> coffee shops. The mail was addressed to their suppliers. Their web
> site seems to being refurbished; does blacklisting imply it was used
> for phishing? I found nothing in PhishTank about it.
> Does ClamAV host or refer to some other phishing repository? I'd
> guess there is a repository, otherwise I wonder how can the blacklist
> be maintained, but maybe it's not publicly accessible or I just
> didn't find it. Can someone shred some light on this?
> Here's the hash match:
> LibClamAV debug: Phishcheck:Checking url http://www.gasparinifrigoriferi.it->
> LibClamAV debug: Looking up hash 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76 for gasparinifrigoriferi.it/(24)(0)
> LibClamAV debug: This hash matched: 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76
> LibClamAV debug: Hash matched for: http://www.gasparinifrigoriferi.it
> LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted
More information about the clamav-users