[clamav-users] Heuristics.Phishing.Email.SpoofedDomain false positive desjardins.com and rbc.com
joe a
joea-lists at j4computers.com
Wed Jun 15 20:47:22 UTC 2022
On 6/15/2022 11:47 AM, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Wed, 15 Jun 2022, joe a wrote:
>
>> To semi-hijack, I was attempting to deal with my own occasional false
>> positive by using this thread as a clue.
>>
>> Attempting to follow the docs, I hit a wall here:
>>
>> "To help you identify what triggered a heuristic phishing alert,
>> clamscan or clamd will print a message indicating the "Display URL"
>> and "Real URL" involved in a heuristic phishing alert. "
>>
>> I did not find such an entry in any of the "usual suspect" logs ...
>
Thanks gents.
After a (good) bit of messing about, found this (names obfuscated):
****************
LibClamAV info: Real URL: https://l.infoxx.domain.com
LibClamAV info: Display URL: anotherdomain.com
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too
different
****************
I presume that is what needs to be added to the (a ?) WDB file, but, I
find no WDB files anywhere on my system.
Clearly, I am beyond my current knowledge.
joe a.
More information about the clamav-users
mailing list