On Thu, 09 Sep 2010 14:35:40 +0530 ANANT S ATHAVALE <a...@isac.gov.in> wrote:
> Dear List, > > I have got a complaint from one of our users that, a genuine mail has > got identified as virus: Heuristics.Phishing.Email.SpoofedDomain, > with internal reference code as ' 02103-11/QCZxxtAvePMy'. That reference code is not coming from ClamAV, it has no reference codes. Its probably some reference code of some 3rdparty app that uses ClamAV for scanning. > I don't > know what exactly is the meaning of internal reference code. > > We are not quarantining the mails which are detected as infected. > Under this condition, I really do not know the genuinity of the > actual mail which has been blocked. > > But, it looks like this is a false positive as the recipient has > confirmed with the bank that such mails are being sent. > > What is the way out that in future such mail is not detected as > virus. How to address this issue. Please let me know. daily.pdb lists hdfcbank.com and I see hdfcbank.net below that might be a problem. Try adding this to local.wdb: M:hdfcbank.com:hdfcbank.net M:hdfcbank.net:hdfcbank.com If that doesn't work then we'd need a copy of that email, or at least the output of 'clamscan --debug <youremail> |grep Phishcheck' Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
