[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP
h.reindl at thelounge.net
Tue Aug 16 12:33:52 EDT 2016
Am 16.08.2016 um 18:31 schrieb Alex:
> I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
> for capitaloneemail.com, but can't figure out how to use sigtool to
> determine which actual domain it thinks was spoofed.
> # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
> sigtool --decode-sigs
> Why doesn't it display the signature with the above command?
> How do I scan the quarantined message to find out exactly what
> triggered this false positive?
i disabled them entirely because i still need to face anything else than
false positives from that rules....
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the clamav-users