[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP
Alex
mysqlstudent at gmail.com
Tue Aug 16 16:42:40 UTC 2016
On Tue, Aug 16, 2016 at 12:35 PM, Steve basford
<steveb_clamav at sanesecurity.com> wrote:
> Try clamscan --debug 2>debug.log and I think that should show you a domain.
Ah yes, thanks. It appears it's marked it because the URLs were too different:
LibClamAV debug: Phishing: looking up in whitelist:
.click.capitaloneemail.com:.mi.capitalone.com; host-only:1
LibClamAV debug: Looking up in regex_list:
click.capitaloneemail.com:mi.capitalone.com/
LibClamAV debug: Lookup result: not in regex list
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different
I'm not sure I'm ready to whitelist the rule just yet, however.
Thanks,
Alex
More information about the clamav-users
mailing list