[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

Reindl Harald h.reindl at thelounge.net
Tue Aug 16 12:33:52 EDT 2016



On 16.08.2016 at 18:31, Alex wrote:
> I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
> for capitaloneemail.com, but can't figure out how to use sigtool to
> determine which actual domain it thinks was spoofed.
>
> # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
> sigtool --decode-sigs
> #
>
> Why doesn't it display the signature with the above command?
>
> How do I scan the quarantined message to find out exactly what
> triggered this false positive?

I disabled them entirely because I still need to face anything other than
false positives from those rules....
