[clamav-users] clamav-users Digest, Vol 150, Issue 19

Reindl Harald h.reindl at thelounge.net
Wed May 31 11:02:17 UTC 2017



On 31.05.2017 at 12:41, Joel Esler (jesler) wrote:
> So is it us that needs to adjust our software for something that PayPal is doing? Or should PayPal adjust what they are doing?

you need to adjust when you pretend something is phishing while it's 
legit which can be verified by SPF/DKIM and that clamav has no way to 
verify SPF is no excuse, it proves only that it's wrong

> Sent from my iPhone
> 
>> On May 31, 2017, at 06:38, Al Varnell <alvarnell at mac.com> wrote:
>>
>> OK, I managed to clean it up enough and added a fake header so I could run clamscan --debug and it confirmed my suspicions:
>>
>>> LibClamAV debug: Phishcheck:host:.epl.paypal-communication.com
>>> LibClamAV debug: Phishing: looking up in whitelist: .epl.paypal-communication.com:.www.paypal.com; host-only:1
>>> LibClamAV debug: Looking up in regex_list: epl.paypal-communication.com:www.paypal.com/
>>> LibClamAV debug: Lookup result: not in regex list
>>> LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different
>>> LibClamAV debug: found Possibly Unwanted: Heuristics.Phishing.Email.SpoofedDomain
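
As an added example (not part of the original thread and not ClamAV project code), the sketch below parses the `clamscan --debug` lines quoted above to recover the real/displayed host pair behind the `SpoofedDomain` hit and formats it as a candidate `M:` hostname-pair entry for a local `.wdb` whitelist. The function names are hypothetical, and it assumes the first host in the lookup line is the link target and the second is the displayed text.

```python
import re

# Debug lines copied from the clamscan --debug output quoted in this message.
SAMPLE_DEBUG = """\
LibClamAV debug: Phishcheck:host:.epl.paypal-communication.com
LibClamAV debug: Phishing: looking up in whitelist: .epl.paypal-communication.com:.www.paypal.com; host-only:1
LibClamAV debug: Looking up in regex_list: epl.paypal-communication.com:www.paypal.com/
LibClamAV debug: Lookup result: not in regex list
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different
LibClamAV debug: found Possibly Unwanted: Heuristics.Phishing.Email.SpoofedDomain
"""

# Assumption: the lookup line prints "<real host>:<displayed host>", each with a leading dot.
LOOKUP = re.compile(
    r"Phishing: looking up in whitelist: \.?(?P<real>[^:\s]+):\.?(?P<shown>[^;\s]+);"
)
RESULT = re.compile(r"Phishcheck: Phishing scan result: (?P<result>.+)$")
FOUND = re.compile(r"found Possibly Unwanted: (?P<sig>\S+)")


def phishcheck_findings(debug_text):
    """Return one dict per whitelist lookup that ended in a heuristic detection."""
    findings, current = [], None
    for line in debug_text.splitlines():
        if m := LOOKUP.search(line):
            # A new URL pair is being checked; start a fresh record.
            current = {"real": m["real"], "displayed": m["shown"],
                       "result": None, "signature": None}
        elif current and (m := RESULT.search(line)):
            current["result"] = m["result"].strip()
        elif current and (m := FOUND.search(line)):
            current["signature"] = m["sig"]
            findings.append(current)
            current = None
    return findings


def wdb_candidate(finding):
    """Format the pair as an M: (real host : displayed host) line for review."""
    return f"M:{finding['real']}:{finding['displayed']}"


if __name__ == "__main__":
    for f in phishcheck_findings(SAMPLE_DEBUG):
        print(f["signature"], "-", f["result"])
        print("candidate local .wdb entry:", wdb_candidate(f))
```

The candidate line matches on hostnames only, so whether the sender is genuine still has to be established by SPF/DKIM checks at the mail server before the pair is whitelisted.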



