[clamav-users] Amazon/SpoofedDomain FP

Alex via clamav-users Thu, 17 Mar 2022 09:55:00 -0700

Hi,
The link description is a URL and apparently doesn't match the link
itself, resulting in email from Amazon Business being marked as
malicious. Do I just add this to some kind of allow/bypass list?


How do I go about doing that?

$ clamscan -v amazon-fp.eml
Scanning /home/alex/quarantine/amazon-fp.eml
LibClamAV info: Suspicious link found!
LibClamAV info:   Real URL:    https://www.amazonbusiness.com
LibClamAV info:   Display URL: www.americanexpress.com
/root/quarantine/amazon-fp.eml: Heuristics.Phishing.Email.SpoofedDomain FOUND

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] Amazon/SpoofedDomain FP

Reply via email to