[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP
mysqlstudent at gmail.com
Tue Aug 16 12:31:37 EDT 2016
I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
for capitaloneemail.com, but can't figure out how to use sigtool to
determine which actual domain it thinks was spoofed.
# sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
Why doesn't it display the signature with the above command?
How do I scan the quarantined message to find out exactly what
triggered this false positive?
More information about the clamav-users