[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP
Reindl Harald
h.reindl at thelounge.net
Tue Aug 16 16:33:52 UTC 2016
Am 16.08.2016 um 18:31 schrieb Alex:
> I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
> for capitaloneemail.com, but can't figure out how to use sigtool to
> determine which actual domain it thinks was spoofed.
>
> # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
> sigtool --decode-sigs
> #
>
> Why doesn't it display the signature with the above command?
>
> How do I scan the quarantined message to find out exactly what
> triggered this false positive?
i disabled them entirely because i still need to face anything else than
false positives from that rules....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160816/2c7c429e/attachment.sig>
More information about the clamav-users
mailing list