I'd whitelist the specific URLs in question, but they vary from message
to message, since they're in the form:
http://www.google.com/url?sa=X&q=http://<othersite>....
(the full URL runs about 500 characters in total - so far as I
understand the SpoofedDomain heuristic, it's only that first pair of
site names that trigger it).
The visible URLs are essentially http://<othersite>....
Is there any way to whitelist all of these in daily.wdb?
-kgd
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
