[clamav-users] Amazon/SpoofedDomain FP

G.W. Haywood clamav at jubileegroup.co.uk
Thu Mar 17 18:14:04 UTC 2022


Hi there,

On Thu, 17 Mar 2022, Alex via clamav-users wrote:

> The link description is a URL and apparently doesn't match the link
> itself, resulting in email from Amazon Business being marked as
> malicious. Do I just add this to some kind of allow/bypass list?
> How do I go about doing that?

Micah has given you plenty to go on.  I'd add that you can search the
docs online, for example:

https://docs.clamav.net/?search=false%20positive

To prevent all such detections, see 'PhishingScanURLs' in the man page
for clamd.conf.

Personally I wouldn't take any action at all.  I'm quite happy to
reject mail if there's a chance that it might educate the sender.

Admittedly, in this case, the chance is rather a slim one.

-- 

73,
Ged.
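
Added example, not part of the original message and not ClamAV's own code: an approximation in Python of the comparison the quoted question describes, where a link's visible text is itself a URL whose host differs from the host in the `href`. It also shows a per-pair allow-list as the narrow alternative to switching the check off entirely; all function names and hostnames are constructed for illustration.

```python
# Approximation of a displayed-URL vs. real-URL check (assumption: not ClamAV's logic).
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname if value looks like a URL, else None (e.g. 'Help')."""
    value = value.strip()
    if "://" not in value:
        if not value.lower().startswith("www."):
            return None
        value = "http://" + value
    return urlsplit(value).hostname

def mismatched_links(html, allow_pairs=frozenset()):
    """Return (real_host, shown_host) pairs that differ and are not allow-listed."""
    parser = AnchorCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        if real and shown and real != shown and (real, shown) not in allow_pairs:
            hits.append((real, shown))
    return hits

# Constructed sample: a tracking redirect, a plain-text link, and an unrelated host.
SAMPLE = (
    '<a href="https://track.mailer.example/c/abc">https://shop.example.com/orders</a>'
    '<a href="https://shop.example.com/help">Help</a>'
    '<a href="https://unrelated.example.net/login">www.bank.example.org</a>'
)
```

Allow-listing one (real, shown) pair suppresses only that sender's tracking links, while the unrelated mismatch is still reported.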

