[clamav-users] Heuristics, only on or off?
G.W. Haywood
clamav at jubileegroup.co.uk
Wed Mar 24 09:41:10 UTC 2021
Hi there,
On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
>> On Tuesday, March 23, 2021 at 5:02 PM, G.W. Haywood wrote:
>>> On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
>>>
>>>> ". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
>>>>
>>>> and
>>>>
>>>> ". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
>>>>
>>>> I love the first one but loathe the second one.
>>>
>>> I don't think I understand the question.
>>>
>>> There are two distinct names for two different classes of threat.
>>> What exactly are you looking for that isn't provided by the names?
>>> Do you mean distinguishing between individual examples of the type of
>>> threat? Perhaps you should be looking at your log verbosity, or perhaps
>>> something which analyzes suspect data more thoroughly. Are these logs the
>>> result of scanning filesystems, scanning mail, or...?
>
> I was not clear. ...
Correct.
> The "spoofed domain" is the one I would rather allow to pass through without
> comment or quarantine as some are "legitimate". But the docs did warn
> about "false positives". Although pedantic types (who me?) might argue it
> is not a "false positive" if it met the testing criteria.
So this is only when you're scanning mail?
> That settles that, apparently. All or nothing.
Not necessarily.
But it will help enormously if you will answer my questions.
--
73,
Ged.
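An added example, not part of the thread above, of the non-all-or-nothing route the thread only hints at: ClamAV reads `.ign2` files from its database directory, one signature name per line, and suppresses exactly those names while every other heuristic stays active. The directory path and the file name `local.ign2` below are assumptions for illustration; adjust them to the `DatabaseDirectory` your clamd.conf uses.

```shell
# Added example (not code from the thread or from the ClamAV project):
# silence one named ClamAV heuristic via a .ign2 ignore list.
# Assumed paths: /var/lib/clamav as the database directory, local.ign2
# as the ignore file.
set -u

# write_ignore_list DIR SIG...  -> (re)creates DIR/local.ign2 with one
# signature name per line, the format ClamAV expects for .ign2 files.
write_ignore_list() {
    dir=$1; shift
    mkdir -p "$dir"
    : > "$dir/local.ign2"
    for sig in "$@"; do
        printf '%s\n' "$sig" >> "$dir/local.ign2"
    done
}

# is_ignored DIR SIG -> exit 0 if SIG is listed verbatim in DIR/local.ign2
is_ignored() {
    grep -qxF -- "$2" "$1/local.ign2" 2>/dev/null
}

# count_ignored DIR -> number of non-empty lines in DIR/local.ign2
count_ignored() {
    grep -c . "$1/local.ign2" 2>/dev/null || echo 0
}

# reload_clamd -> ask a running clamd to pick up the new ignore list,
# only if the clamd tools are installed on this host.
reload_clamd() {
    if command -v clamdscan >/dev/null 2>&1; then
        clamdscan --reload
    else
        echo "clamdscan not installed; skipping reload" >&2
        return 0
    fi
}

# Demo against a scratch directory (constructed input, not a real deployment):
demo_dir=$(mktemp -d)
write_ignore_list "$demo_dir" Heuristics.Phishing.Email.SpoofedDomain
is_ignored "$demo_dir" Heuristics.Phishing.Email.SpoofedDomain && \
    echo "SpoofedDomain is now ignored; ContainsMacros.VBA still fires"
rm -rf "$demo_dir"
```

In production the list goes into the real database directory (the assumed `/var/lib/clamav`), after which clamd needs a reload. Two caveats a practitioner will want: silencing `Heuristics.Phishing.Email.SpoofedDomain` removes the check entirely, including for mail that really is spoofing a domain, so the safer design is often to leave ClamAV alerting and have the mail filter treat that one name as tag-only rather than quarantine; and freshclam does not manage this local file, so it survives signature updates but is yours to maintain.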