[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP
mysqlstudent at gmail.com
Tue Aug 16 12:42:40 EDT 2016
On Tue, Aug 16, 2016 at 12:35 PM, Steve basford
<steveb_clamav at sanesecurity.com> wrote:
> Try clamscan --debug 2>debug.log and I think that should show you a domain.
Ah yes, thanks. It appears it's marked it because the URLs were too different:
LibClamAV debug: Phishing: looking up in whitelist:
LibClamAV debug: Looking up in regex_list:
LibClamAV debug: Lookup result: not in regex list
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different
I'm not sure I'm ready to whitelist the rule just yet, however.
More information about the clamav-users