Hi there,
On Wed, 15 Jun 2022, joe a wrote:
To semi-hijack, I was attempting to deal with my own occasional false
positive by using this thread as a clue.
Attempting to follow the docs, I hit a wall here:
"To help you identify what triggered a heuristic phishing alert, clamscan or
clamd will print a message indicating the "Display URL" and "Real URL"
involved in a heuristic phishing alert. "
I did not find such an entry in any of the "usual suspect" logs ...
You might have more luck if you use verbose options. Some logic in
libclamav/phishcheck.c
is a bit convoluted and it looks like under some circumstances there
might be reasons for not flagging a potential phish, and not logging
certain warnings. I haven't gone over it with a magnifying glass but
there are definitely more informative debug messages available to you.
If you'd like to put a couple of samples up somewhere I could take a
look at them for you.
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
