On 27/02/2023 20:57, joe a wrote:
On 2/27/2023 3:52 PM, joe a wrote:
On 2/27/2023 3:47 PM, joe a wrote:
Got an email marked as infected by clamav. I cannot determine what
was detected.
A long time ago I asked here and someone described how to scan an
individual email file, log the results and scan the log for what was
detected. Or maybe clued me in on which log I was not searching
properly.
Did not find that conversation it in the email archives.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Well never mind that part, it is shown clearly in /var/log/clamd.log
as "Heuristics.Phishing.Email.SpoofedDomain".
What I think I conflated that with the means to determine the details
so I can add that to a .ign* file. Something to do with debug mode
I think.
Or, determine why this was detected in a valid email from a known and
utilized credit card service. Or is it simpler to "white list" this
sender and move on?
If you have sufficient free memory use clamscan to scan the email in
question. It should be kind enough to highlight the reason why
Heuristics.Phishing.Email.SpoofedDomain was triggered.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
