[clamav-users] False positive on Heuristics.Phishing.Email.SSL-Spoof, no attachment
Al Varnell
alvarnell at mac.com
Wed Apr 21 00:07:17 UTC 2021
As you have noted, this is a common situation. Anytime the actual URL does not closely match the displayed URL you'll get an alert unless it has been added to an M or X signature in the database. I haven't been convinced that anybody is maintaining that list of exceptions, so disabling it is probably your best defense at this point. Perhaps you could generate your own M/X records if phishing is a big problem, but educating users to not blindly click on ever link would be a better course of action.
Sent from my iPad
-Al-
On Apr 20, 2021, at 05:30, Robert Kudyba <rkudyba at fordham.edu> wrote:
> An important email from our university president was quarantined with Heuristics.Phishing.Email.SSL-Spoof. I submitted the email as an attachment to ClamAV. I'm also disabling it based on past reports such as https://qmailtoaster-list.qmailtoaster.narkive.com/NYaYAjLl/disabling-clamav-heuristic-phishing-checks, https://portal.smartertools.com/community/a1225/how-to-disable-a-specific-clamav-scan.aspx and https://sanesecurity.com/support/false-positives/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210420/94e289f0/attachment.htm>
More information about the clamav-users
mailing list