On 6/15/2022 11:47 AM, G.W. Haywood via clamav-users wrote:
Hi there,
On Wed, 15 Jun 2022, joe a wrote:
To semi-hijack, I was attempting to deal with my own occasional false
positive by using this thread as a clue.
Attempting to follow the docs, I hit a wall here:
"To help you identify what triggered a heuristic phishing alert,
clamscan or clamd will print a message indicating the "Display URL"
and "Real URL" involved in a heuristic phishing alert. "
I did not find such an entry in any of the "usual suspect" logs ...
Thanks gents.
After a (good) bit of messing about, found this (names obfuscated):
****************
LibClamAV info: Real URL: https://l.infoxx.domain.com
LibClamAV info: Display URL: anotherdomain.com
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too
different
****************
I presume that is what needs to be added to the (a ?) WDB file, but, I
find no WDB files anywhere on my system.
Clearly, I am beyond my current knowledge.
joe a.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
