[clamav-users] What was detected?

joe a joea-lists at j4computers.com
Mon Feb 27 20:57:33 UTC 2023


On 2/27/2023 3:52 PM, joe a wrote:
> On 2/27/2023 3:47 PM, joe a wrote:
>> Got an email marked as infected by clamav.  I cannot determine what 
>> was detected.
>>
>> A long time ago I asked here and someone described how to scan an 
>> individual email file, log the results and scan the log for what was 
>> detected.   Or maybe clued me in on which log I was not searching 
>> properly.
>>
>> Did not find that conversation in the email archives.
> 
> Well never mind that part, it is shown clearly in /var/log/clamd.log as 
> "Heuristics.Phishing.Email.SpoofedDomain".
> 
> I think I conflated that with the means to determine the details so 
> I can add that to a .ign* file.   Something to do with debug mode I think.
> 
>

Or, determine why this was detected in a valid email from a known and 
utilized credit card service.   Or is it simpler to "white list" this 
sender and move on?


