Hi, Am Dienstag, den 14.11.2017, 11:20 +0100 schrieb Hajo Locke: > Hello, > > based on my working whitelist regex i would say the 2nd part should > not > look only for amazon\.com > > > If i understood it the correct way it should be something like: > > X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon\.(c > om|de)([/?].*)? > > Using this regex shows a clean mail. May be more extensions are > needed > on right side, dependent on amazon changes/uses on different domains.
Anything new on this? Is above rule still working? Some of my amazon mails are blocked by "Phishing.Email.SpoofedDomain" too, e.g.: http://www.adobe.com/de/products/acrobat/readstep2.html -> https://sellercentral-europe.amazon.com/... or Amazon.de -> https://sellercentral-europe.amazon.com/... Cheers m _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
