[clamav-users] Email.Phishing.VOF1-6295323-1 needs a boundary

[Laurent S.]

Hi,

I had yesterday a false positive on the Email.Phishing.VOF1-6295323-1 
signature. It searches for filenames with this regex: 
[a-z0-9]{4,15}[_\s\(\-]{1,2}[0-9\)]{3,9}(?![\d]).{0,14}\.js

The problem is that it hit on a zip attachment having only a few .json 
files. Please edit that sig in order to add a \s at the end: \.js\s

I can't simply share the file that produced the false positive as this 
is from a client. It looks like a backup of a laser tube cutting machine.

I've locally added this sig to the whitelist in the meantime.

Thanks a lot,

Laurent