[clamav-users] Heuristics, only on or off?

Al Varnell alvarnell at mac.com
Wed Mar 24 01:57:32 UTC 2021



> On Mar 23, 2021, at 18:29, Joe Acquisto-j4 <joea at j4computers.com> wrote:
> 
> The "spoofed domain" is the one I would rather allow to pass through without
> comment or quarantine as some are "legitimate". But the docs did warn
> about "false positives". Although pedantic types (who me?) might argue it
> is not a "false positive" if it met the testing criteria.

There is a whitelist capability (M & X records) that allows designated alternative domains to pass the heuristics tests, but my observation over several years now is that nobody seems to be maintaining those entries, resulting in the FPs observed. I can only guess that most users leave the option disabled, resulting in whitelist maintenance not being a priority.

-Al-

