[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP
steveb_clamav at sanesecurity.com
Tue Aug 16 12:35:07 EDT 2016
Try clamscan --debug 2>debug.log and I think that should show you a domain.
On 16 August 2016 17:32:31 Alex <mysqlstudent at gmail.com> wrote:
> I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
> for capitaloneemail.com, but can't figure out how to use sigtool to
> determine which actual domain it thinks was spoofed.
> # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
> sigtool --decode-sigs
> Why doesn't it display the signature with the above command?
> How do I scan the quarantined message to find out exactly what
> triggered this false positive?
> Help us build a comprehensive ClamAV guide:
More information about the clamav-users