[clamav-users] Finding the spoofed domain
Alex
mysqlstudent at gmail.com
Tue Dec 15 13:43:18 UTC 2015
Hi,
I have an email that was marked as having a spoofed domain, but I
believe it's a false-positive. It's one of those smartbrief.com
newsletters.
How do I find out which domain specifically it thinks was spoofed?
I've posted the email here:
http://pastebin.com/n4WRjmzE
# clamscan -v spoofed-domain
Scanning spoofed-domain
spoofed-domain: Heuristics.Phishing.Email.SpoofedDomain FOUND
----------- SCAN SUMMARY -----------
Known viruses: 7955926
Engine version: 0.99
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 1.67:1)
Time: 18.234 sec (0 m 18 s)
Thanks,
Alex
More information about the clamav-users
mailing list