Alain Zidouemba wrote: > The following seems to work for me: > > > X:\.scotiarewards\.com:\.scotiabank\.com > > > It will be released shortly to whitelist the redirection from > scotiarewards.com to scotiabank.com
Thanks! However, I tried adding this to daily.wdb locally, and I'm still getting the Heuristics.Phishing.Email.SpoofedDomain hit. I get this in the debug output: LibClamAV debug: Phishcheck:host:.links.email.scotiarewards.com LibClamAV debug: Phishing: looking up in whitelist: .links.email.scotiarewards.com:.scotiarewards.scotiabank.com; host-only:1 LibClamAV debug: Looking up in regex_list: links.email.scotiarewards.com:scotiarewards.scotiabank.com/ LibClamAV debug: Lookup result: not in regex list LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different LibClamAV debug: found Possibly Unwanted: Heuristics.Phishing.Email.SpoofedDomain FWIW, I've added similar entries to daily.wdb before, and it's always worked fine. I'm not sure what's missing this time around. -kgd _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
