Re: [clamav-users] False Positives - Heuristics.Phishing.Email.SpoofedDomain

[Ken Campney]

Thanks Joel,

Testing confirmed the issue appears to be with the WDB/PDB databases, 
I'm assuming 101.0 was when they were introduced

For now I've changed my scan settings from blackhole (in use since 99.4) 
to Quarantine.

Hopefully as I submit samples, white listings can get added.

Thanks again

Ken


On 01/08/2019 02:58 PM, Joel Esler (jesler) wrote:
Check out http://www.clamav.net/documents/miscellaneous-faq



On Jan 8, 2019, at 2:43 PM, Ken Campney <bitfu...@campbus.com 
<mailto:bitfu...@campbus.com>> wrote:

Emails from credit card companies I deal with have since 12/10/18 
been getting flagged by Heuristics.Phishing.Email.SpoofedDomain.

These include Best Buy/Citi Bank (accountsonline.com 
<http://accountsonline.com>) and American Express. Sending Domain and 
IP's have been verified

Upgraded to ClamAV version: 101.0 on 12/06/18

Is there anyway to fix this?

Thank you,

Ken

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml