[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

Alex mysqlstudent at gmail.com
Tue Aug 25 17:51:16 EDT 2015


Hi,

> It's not necessary to whitelist the heuristic. If you choose to, you can
> whitelist the domain which can be done using a .wdb signature. There is
> documentation on how to write an entry in the phishsigs_howto.pdf document.

Whitelist the sending domain? Or the offending domain? Or which?

Are you talking about this URL or a component of it?

>> > urldefense.
>> > proofpoint.com/ <http://proofpoint.com/
>> >(26)v2/url?u=http-3A__www.bankofamerica.com_emaildisclaimer&d=AwMFAg&c=ewHkv9vLloTwhsKn5d4bTdoqsmB

Thanks,
Alex



More information about the clamav-users mailing list