[clamav-users] Whitelisting FP domains

Richard inbound-lists-clamav at listmail.innovate.net
Thu Oct 6 08:55:54 EDT 2016


> Date: Thursday, October 06, 2016 08:40:39 -0400
> From: Alex <mysqlstudent at gmail.com>
>
> Hi,
> 
> We have reports of a domain being blacklisted and we don't think it
> should be:
> 
> LibClamAV debug: Phishcheck:Checking url
> http://www.hospitalitytec.com->www.hospitalitytec.com
> LibClamAV debug: Looking up hash
> 31E3DBF72F782E65722B2AE014524FF4F13F7022245ED9D4A7213D73F7B65A90 for
> hospitalitytec.com/(19)(0)
> LibClamAV debug: This hash matched:
> 31E3DBF72F782E65722B2AE014524FF4F13F7022245ED9D4A7213D73F7B65A90
> LibClamAV debug: Hash matched for: http://www.hospitalitytec.com
> LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted
> LibClamAV debug: found Possibly Unwanted:
> Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
> 
> It's not listed anywhere else as being blacklisted. I will submit a
> report to clamav directly, but it involves uploading the whole
> email. I'd also like to know if information can be provided as to
> why it was blacklisted.
> 
> I'd like to be able to just whitelist it locally. I know how to
> whitelist signatures, but not domains.
> 

Both chrome and firefox report that site as containing malware or as
an attack site. As I suspect they don't get their information (only)
from ClamAV, you may want to check into this further before
whitelisting it.








More information about the clamav-users mailing list