[clamav-users] Proofpoint and Heuristics.Phishing.Email.SpoofedDomain
micah at riseup.net
Sun Mar 15 17:35:06 EDT 2020
I keep having people complaining about False Positives due to
Heuristics.Phishing.Email.SpoofedDomain because of Proofpoint.
I really didn't want to do this, but I added a few entries to the
local.wdb to whitelist it:
That seemed to work for a while, but people are getting hit by it again,
it seems like the URLs changed, they used to be:
the newer ones prepend
but that regexp should match, unless I'm misreading it. Does someone
have a better solution that works for this?
More information about the clamav-users