On 2/27/2023 3:52 PM, joe a wrote:
On 2/27/2023 3:47 PM, joe a wrote:
Got an email marked as infected by clamav. I cannot determine what
was detected.
A long time ago I asked here and someone described how to scan an
individual email file, log the results and scan the log for what was
detected. Or maybe clued me in on which log I was not searching
properly.
Did not find that conversation it in the email archives.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Well never mind that part, it is shown clearly in /var/log/clamd.log as
"Heuristics.Phishing.Email.SpoofedDomain".
What I think I conflated that with the means to determine the details so
I can add that to a .ign* file. Something to do with debug mode I think.
Or, determine why this was detected in a valid email from a known and
utilized credit card service. Or is it simpler to "white list" this
sender and move on?
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
