Hi, > Micah has given you plenty to go on. I'd add that you can search the > docs online, for example: > > https://docs.clamav.net/?search=false%20positive > > To prevent all such detections, see 'PhishingScanURLs' in the man page > for clamd.conf.
Thank you both for your help. The following patterns both work to address this: X:.+\.amazonbusiness\.com:www\.americanexpress\.com M:www.amazonbusiness.com:www.americanexpress.com I recalled doing this kind of thing many years ago, but couldn't find my references to it. It's now come back to me and I've found some further notes. I'll continue to study the regexes and documentation. > Personally I wouldn't take any action at all. I'm quite happy to > reject mail if there's a chance that it might educate the sender. > > Admittedly, in this case, the chance is rather a slim one. Yeah, in this case, only the recipient suffers. Thanks, Alex _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
