Hi, I have an email with an apparent false-positive spoofed domain. How can I determine what domain it is that clamscan thinks is spoofed and correct it? I'm sorry if this is a FAQ. I'm familiar with how to use sigtool to decode a false-positive, but no signature or other details are given. Thanks, Alex