[clamav-users] Amazon/SpoofedDomain FP

Thu Mar 17 16:53:57 UTC 2022

Hi,
The link description is a URL and apparently doesn't match the link
itself, resulting in email from Amazon Business being marked as
malicious. Do I just add this to some kind of allow/bypass list?

How do I go about doing that?

$ clamscan -v amazon-fp.eml
Scanning /home/alex/quarantine/amazon-fp.eml
LibClamAV info: Suspicious link found!
LibClamAV info:   Real URL:    https://www.amazonbusiness.com
LibClamAV info:   Display URL: www.americanexpress.com
/root/quarantine/amazon-fp.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND