I was suggesting that you submit the log file as an FP. It contains a partial URL, and if I post it here then this e-mail will be reported as infected. You can see it for yourself by running the following:
sigtool --find Email.Phishing.DblDom-60 | sigtool --decode-sig

-Al-

On Sat, Apr 02, 2016 at 05:19 PM, Andrew McGlashan wrote:
>
> On 3/04/2016 9:32 AM, Al Varnell wrote:
>> Have you submitted the log to False Positive Reports yet?
>> <http://www.clamav.net/reports/fp>
>
> This is not a /file/ it is an email source and the source changes with
> each and every log. Some log files are giving this problem, most are
> not; I need to know what it is that is causing clamav to claim to be
> malware so I can understand why clamav thinks the email has malware.
>
> Thanks
> AndrewM
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

-Al-
--
Al Varnell
Mountain View, CA