By definition there cannot be false positives for anything detected by heuristics since the engine only looks for suspiciously formatted messages.
I don’t use it, but the blacklist information would appear to be coming with the optional information provided by Google SafeBrowsing. I don’t see why it’s being flagged at this time, but it has been blacklisted 13 times over the past 90 days, serving malicious software according to: <http://www.google.com/safebrowsing/diagnostic?site=gasparinifrigoriferi.it> -Al- -- Al Varnell Mountain View, CA > On Oct 27, 2014, at 10:43 AM, Alessandro Vesely <ves...@tana.it> wrote: > > Hi, > > I submitted a sample email which was blocked with > Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net > > However, the site rejected the submission saying it detects no false > positive in it. I'm running Debian, that is 0.98.4, and databases > are up to date... See below for the hash match. > > The blacklisted web site are sellers of refrigerators for bars and > coffee shops. The mail was addressed to their suppliers. Their web > site seems to being refurbished; does blacklisting imply it was used > for phishing? I found nothing in PhishTank about it. > > Does ClamAV host or refer to some other phishing repository? I'd > guess there is a repository, otherwise I wonder how can the blacklist > be maintained, but maybe it's not publicly accessible or I just > didn't find it. Can someone shred some light on this? > > > Here's the hash match: > LibClamAV debug: Phishcheck:Checking url http://www.gasparinifrigoriferi.it-> > LibClamAV debug: Looking up hash > 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76 for > gasparinifrigoriferi.it/(24)(0) > LibClamAV debug: This hash matched: > 47FB0D44C60DB56EC05317671A5E73AA384E4462E631712311D378AE47684C76 > LibClamAV debug: Hash matched for: http://www.gasparinifrigoriferi.it > LibClamAV debug: Phishcheck: Phishing scan result: Blacklisted > > > Ciao > Ale _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
