On 06.10.2016 at 16:08, Alex wrote:
We have reports of a domain being blacklisted and we don't think it
should be:
LibClamAV debug: Phishcheck:Checking url http://www.hospitalitytec.com->www.hospitalitytec.com
I think it's better to keep the domain listed at the moment..
https://www.virustotal.com/en/url/291d973f15db6a186cf6b947f15794c4b12f1846fb5969ffa4057c9f20eda7b2/analysis/1475758916/
Okay, thanks, I have notified them.
I have another that was just discovered. Is this a sanesecurity
pattern and could it be a FP? There's no reference to it on virustotal
or elsewhere:
# sigtool --find-sigs winnow.spam.ts.miscspam.1025807 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.miscspam.1025807
TARGET TYPE: HTML
OFFSET: *
DECODED SIGNATURE:
{STRING_ALTERNATIVE:.|/|@| |<}americanas.com.br{STRING_ALTERNATIVE:'|"| |/|=|>|
Well, don't blindly add signatures without distinguishing which ones belong to
which clamd instance and how they should be scored or even allowed to be
rejected.
http://sanesecurity.com/usage/signatures/
winnow_spam_complete.ndb
Signatures to detect fraud and other malicious spam
FP Risk: Med
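A small decoder for body signatures of the shape shown in the sigtool output above, added here as an illustration; it is not part of the original thread and is not ClamAV or Sanesecurity code. The signature line, its name and the domain example.com.br are constructed placeholders, and only literal bytes and `(aa|bb)` alternatives are handled.

```python
import re

# Constructed sample in ClamAV .ndb layout: Name:TargetType:Offset:HexSignature
# (target type 3 = HTML). Name and domain are placeholders, not a real signature.
SAMPLE_NDB = ("example.spam.domain.0000001:3:*:"
              "(2e|2f|40|20|3c)6578616d706c652e636f6d2e6272(27|22|20|2f|3d|3e)")

TOKEN = re.compile(r"\((?P<alt>[0-9a-f]{2}(?:\|[0-9a-f]{2})*)\)|(?P<lit>(?:[0-9a-f]{2})+)")

def parse_ndb(line):
    """Split one .ndb line into (name, target type, offset, hex body)."""
    name, target, offset, hexsig = line.strip().split(":", 3)
    return name, target, offset, hexsig.lower()

def tokens(hexsig):
    """Yield ('alt', [bytes, ...]) or ('lit', bytes); other wildcards are rejected."""
    pos = 0
    while pos < len(hexsig):
        m = TOKEN.match(hexsig, pos)
        if not m:
            raise ValueError(f"unsupported token at offset {pos}")
        pos = m.end()
        if m.group("alt"):
            yield "alt", [bytes.fromhex(a) for a in m.group("alt").split("|")]
        else:
            yield "lit", bytes.fromhex(m.group("lit"))

def decode(hexsig):
    """Readable form in the style of the sigtool --decode-sigs output above."""
    return "".join(
        "{STRING_ALTERNATIVE:" + "|".join(v.decode("latin-1") for v in val) + "}"
        if kind == "alt" else val.decode("latin-1")
        for kind, val in tokens(hexsig))

def matches(hexsig, body):
    """True if the pattern occurs anywhere in body (offset '*')."""
    rx = b"".join(
        b"(?:" + b"|".join(re.escape(v) for v in val) + b")"
        if kind == "alt" else re.escape(val)
        for kind, val in tokens(hexsig))
    return re.search(rx, body) is not None

if __name__ == "__main__":
    name, target, offset, hexsig = parse_ndb(SAMPLE_NDB)
    print(name, target, offset, decode(hexsig))
    # Constructed bodies, lower-cased as ClamAV's HTML normalisation would do.
    for body in (b'<a href="http://www.example.com.br/oferta">',
                 b"contact: sac@example.com.br ", b"http://example.com.br.other.test/"):
        print(matches(hexsig, body), body)
```

A pattern of this shape fires on any normalised HTML that mentions the domain between those delimiters, including ordinary mail from the domain's owner, which is why such a database is a candidate for scoring rather than outright rejection.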