[clamav-users] Whitelisting FP domains

Alex mysqlstudent at gmail.com
Thu Oct 6 10:08:30 EDT 2016


>> We have reports of a domain being blacklisted and we don't think it
>> should be:
>>
>> LibClamAV debug: Phishcheck:Checking url
>> http://www.hospitalitytec.com->www.hospitalitytec.com
>
> I think its better to keep the domain listed at the moment..
>
> https://www.virustotal.com/en/url/291d973f15db6a186cf6b947f15794c4b12f1846fb5969ffa4057c9f20eda7b2/analysis/1475758916/

Okay, thanks, I have notified them.

I have another that was just discovered. Is this a sanesecurity
pattern and could it be a FP? There's no reference to it on virustotal
or elsewhere:

# sigtool --find-sigs winnow.spam.ts.miscspam.1025807 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.miscspam.1025807
TARGET TYPE: HTML
OFFSET: *
DECODED SIGNATURE:
{STRING_ALTERNATIVE:.|/|@| |<}americanas.com.br{STRING_ALTERNATIVE:'|"| |/|=|>|

Thanks,
Alex



More information about the clamav-users mailing list