On 16.07.2016 at 08:26, Al Varnell wrote:
None of those examples are signatures, they are engine driven detections

not entirely true - here two instances of clamd are running, one with 3rd party rules scored in spamassassin and the other one with the official sigfiles - only the one with the official ones hits

sadly that also means moving them to the scoring instance would leave not many rules / signatures for the milter as last resort

You must disable Heuristics using clamd.conf and clamscan options.

that's not a useful answer since the only option is "HeuristicScanPrecedence" which doesn't disable anything and so "you must do this" without saying how is pointless

"PhishingScanURLs no" would also disable "safebrowsing.cvd" and likely also most of the 3rd party rules

disabling heuristics entirely (given there were an option) would also disable "Heuristics.OLE2.ContainsMacros"

it makes no sense that you can't disable specific heuristics
_______________________________________________________

such false positives are *unacceptable* in case of the monthly account overview and frankly I have not seen any hit which was not very likely a false positive (for example newsletters from payment companies sent via services like mailchimp)

Jul 8 14:42:49 mail-gw spamd[16295]: spamd: result: . -3 - BAYES_50,CUST_DNSWL_5_ORG_N,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_PASS,USER_IN_DEF_DKIM_WL

Jul 8 14:42:10 mail-gw postfix/cleanup[19493]: 3rmDds0LjczB44: milter-reject: END-OF-MESSAGE from mta106b.pmx1.epsl1.com[142.54.244.106]: 5.7.1 Virus found or dangerous attachment: "Heuristics.Phishing.Email.SpoofedDomain"; from=<bounce-hp2v200000155ca866916a7a126f4bbe5c7c0...@mail.paypal.at> to=<*****> proto=ESMTP helo=<mta106b.pmx1.epsl1.com>

Jul 8 14:42:49 mail-gw postfix/cleanup[19119]: 3rmDfY2gcSzB44: milter-reject: END-OF-MESSAGE from mta103b.pmx1.epsl1.com[142.54.244.103]: 5.7.1 Virus found or dangerous attachment: "Heuristics.Phishing.Email.SpoofedDomain"; from=<bounce-hp2v200000155ca86bb84b0f98df4bbbf470a...@mail.paypal.at> to=<****> proto=ESMTP helo=<mta103b.pmx1.epsl1.com>

On Jul 15, 2016, at 8:00 PM, Reindl Harald wrote:
Hi

* the following rules don't cause anything but trouble
* created a ign2 file
* again a reject of clamav-milter
* tried also whitelist "Eicar-Test-Signature"
* also still hits

why?!
_______________________________________________________

thelounge_whitelist.ign2:
Heuristics.Phishing.Email.SpoofedDomain
Heuristics.Email.SSL-Spoof
Phishing.Heuristics.Email.SpoofedDomain
Phishing.Heuristics.Email.SSL-Spoof
Heuristics.Encrypted.PDF
_______________________________________________________

Fri Jul 15 16:42:46 2016 -> fd[10]: Heuristics.Phishing.Email.SpoofedDomain(007f163a4f71a336e78174b48e14bc0a:10951) FOUND
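As an added example (not from this thread or from ClamAV itself), a small Python parser for the postfix milter-reject lines quoted above: it tallies rejects per detection name and envelope sender domain and flags the engine-driven heuristic names, so recurring heuristic-only hits against known senders can be audited before deciding what to whitelist. The sample log is constructed; hostnames and IPs are copied from the thread, the sender and recipient addresses are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the postfix/clamav-milter rejects quoted in the
# thread; hostnames/IPs are from the thread, the addresses are made-up placeholders.
SAMPLE_LOG = """\
Jul 8 14:42:10 mail-gw postfix/cleanup[19493]: 3rmDds0LjczB44: milter-reject: END-OF-MESSAGE from mta106b.pmx1.epsl1.com[142.54.244.106]: 5.7.1 Virus found or dangerous attachment: "Heuristics.Phishing.Email.SpoofedDomain"; from=<bounce-1@mail.paypal.at> to=<user@example.org> proto=ESMTP helo=<mta106b.pmx1.epsl1.com>
Jul 8 14:42:49 mail-gw postfix/cleanup[19119]: 3rmDfY2gcSzB44: milter-reject: END-OF-MESSAGE from mta103b.pmx1.epsl1.com[142.54.244.103]: 5.7.1 Virus found or dangerous attachment: "Heuristics.Phishing.Email.SpoofedDomain"; from=<bounce-2@mail.paypal.at> to=<user@example.org> proto=ESMTP helo=<mta103b.pmx1.epsl1.com>
Jul 8 15:01:03 mail-gw postfix/cleanup[19120]: 3rmDgZ3hdTzB45: milter-reject: END-OF-MESSAGE from mx.example.net[192.0.2.10]: 5.7.1 Virus found or dangerous attachment: "Eicar-Test-Signature"; from=<test@example.net> to=<user@example.org> proto=ESMTP helo=<mx.example.net>
Jul 8 15:02:11 mail-gw postfix/smtpd[19121]: connect from mx.example.net[192.0.2.10]
"""

REJECT_RE = re.compile(
    r'milter-reject: END-OF-MESSAGE from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: '
    r'5\.7\.1 Virus found or dangerous attachment: "(?P<sig>[^"]+)"; '
    r'from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>'
)

def is_heuristic(sig):
    """Engine-driven heuristic names (the kind the thread found an .ign2 file does not silence)."""
    return sig.startswith("Heuristics.") or ".Heuristics." in sig

def parse_rejects(log_text):
    """Extract detection name, sending host/IP and envelope sender from milter-reject lines."""
    rejects = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a milter reject (e.g. plain smtpd connect lines)
        rec = m.groupdict()
        rec["sender_domain"] = rec["sender"].rpartition("@")[2].lower()
        rec["heuristic"] = is_heuristic(rec["sig"])
        rejects.append(rec)
    return rejects

def summarize(rejects):
    """Count rejects per (detection name, sender domain) so repeated heuristic hits stand out."""
    return Counter((r["sig"], r["sender_domain"]) for r in rejects)

if __name__ == "__main__":
    for (sig, dom), n in summarize(parse_rejects(SAMPLE_LOG)).most_common():
        kind = "heuristic" if is_heuristic(sig) else "signature"
        print(f"{n:3d}  {kind:9s}  {sig}  <- {dom}")
```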
