[clamav-users] False Positives - Heuristics.Phishing.Email.SpoofedDomain

Ken Campney bitfuzzy at campbus.com
Tue Jan 8 16:28:22 EST 2019


Thanks Joel,

Testing confirmed the issue appears to be with the WDB/PDB databases, 
I'm assuming 101.0 was when they were introduced

For now I've changed my scan settings from blackhole (in use since 99.4) 
to Quarantine.

Hopefully as I submit samples, white listings can get added.

Thanks again

Ken


On 01/08/2019 02:58 PM, Joel Esler (jesler) wrote:
> Check out http://www.clamav.net/documents/miscellaneous-faq
>
>
>
>> On Jan 8, 2019, at 2:43 PM, Ken Campney <bitfuzzy at campbus.com 
>> <mailto:bitfuzzy at campbus.com>> wrote:
>>
>> Emails from credit card companies I deal with have since 12/10/18 
>> been getting flagged by Heuristics.Phishing.Email.SpoofedDomain.
>>
>> These include Best Buy/Citi Bank (accountsonline.com 
>> <http://accountsonline.com>) and American Express. Sending Domain and 
>> IP's have been verified
>>
>> Upgraded to ClamAV version: 101.0 on 12/06/18
>>
>> Is there anyway to fix this?
>>
>> Thank you,
>>
>> Ken
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190108/61739826/attachment.html>


More information about the clamav-users mailing list