[clamav-users] excluding a URL from "heuristics" scanning

joe a joea-lists at j4computers.com
Thu Aug 11 16:47:57 UTC 2022


A while back discussed excluding some URLs from triggering the 
heuristics scan. Seemed to work. Postfix, spamassassin, clamav in use.

Now seems some additional URLs are involved. Perhaps I am doing 
something wrong here.

Been determining (?) the offending URLs by examining the entire email 
using:

clamscan --debug --file-list=SFILE --log=RESULT.txt 2> result.txt

then looking for offenders using:

grep -iB4 "Phishing scan result: URLs are way too different" myfile.txt

entering the URL seen in "Real URL:  http://some.url" into 
"/var/lib/clamav/somefile.wdb" and restarting clamd (systemctl restart 
clamd.service)

I would presume re-scanning as above should no longer flag the offending 
URL(s)?
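
The check described in the message above, as an added example that is not part of the original post: it pulls the host out of each "Real URL:" debug line that falls within the 4 lines before a "URLs are way too different" result (the same window as grep -B4) and reports whether that host string already appears in the .wdb file. The function names and the sample debug lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not ClamAV tooling).

# flagged_hosts FILE: FILE is clamscan --debug output. Prints one lower-cased
# host per flagged "Real URL:", de-duplicated.
flagged_hosts() {
    awk '
        { line[NR % 5] = $0 }                        # ring buffer: current + 4 previous
        tolower($0) ~ /phishing scan result: urls are way too different/ {
            for (i = 1; i <= 4 && i < NR; i++) {     # nearest preceding line first
                prev = line[(NR - i) % 5]
                if (match(prev, /Real URL:[ \t]*/)) {
                    url = substr(prev, RSTART + RLENGTH)
                    sub("^[a-zA-Z][a-zA-Z0-9+.-]*://", "", url)  # drop scheme
                    sub("[/?#].*$", "", url)                     # drop path/query
                    sub("^[^@]*@", "", url)                      # drop userinfo
                    sub(/[ \t\r]+$/, "", url)
                    sub(":[0-9]+$", "", url)                     # drop port
                    if (url != "") print tolower(url)
                    break
                }
            }
        }
    ' "$1" | sort -u
}

# check_wdb DEBUGFILE WDBFILE: marks each flagged host as listed or missing.
# This is a fixed-string presence test only; it does not validate the entry
# syntax or prove that clamd has reloaded the file.
check_wdb() {
    flagged_hosts "$1" | while IFS= read -r host; do
        if grep -qiF -- "$host" "$2"; then
            printf 'listed   %s\n' "$host"
        else
            printf 'missing  %s\n' "$host"
        fi
    done
}

# Constructed sample debug output (not captured from a real scan).
sample_log() {
cat <<'EOF'
LibClamAV debug: Real URL:  http://some.url/login?id=1
LibClamAV debug: (other debug output)
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different
LibClamAV debug: Real URL:  https://clean.example/
LibClamAV debug: Phishcheck: Phishing scan result: Clean
LibClamAV debug: Real URL:  HTTP://Other.Example:8080/a
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different
EOF
}
```

With the files from the message, the call would be: check_wdb result.txt /var/lib/clamav/somefile.wdb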


