[clamav-users] SpoofedDomain FOUND
Al Varnell
alvarnell at mac.com
Fri Feb 17 11:40:00 UTC 2017
It's possible for ClamAV to fix that by providing an update record which would whitelist that particular match for PayPal. Normally you would just have to upload the message to ClamAV's False Positive page with an explanation, but in this case, since it's embedded in that Thunderbird mailbox. They should be able to do that based on the information in your clamdeb.txt file, but would need to respond to this discussion that it's something they want to do.
-Al-
On Thu, Feb 16, 2017 at 05:27 AM, ellanios82 wrote:
>
> On 02/16/17 15:00, Mark Allan wrote:
>> simply to add 2>&1 to the end of your command, to redirect stderr to stdout.
>>
>> clamscan --debug /home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus >> clamdeb.txt 2>&1
>
> - again thank you for being Really helpful { not just demonstrating 'clever' }
>
>
> - turns out the Spoofed Domain message was from PayPal
>
> ........
>
> thanks