Since we're treating ClamAV's detected phishes as spam, instead of rejecting them (what we do with regular malware), we noticed that the heuristic detection causes lots of false positives: in only a few samples I detected legitimate PayPal mails (and I know they're legit because they're DomainKeys signed), and mails to the Lockergnome mailing list.

I have now disabled the heuristic by setting "PhishingScanURLs no". Is anyone actually using this to reject mails in a large production environment, without getting serious complaints about false positives? (We're doing 5-10 million mails a day; it could be that we're seeing more false positives due to the high volume.)

-- 
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclaimer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!