Re: [Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain

2008-08-04 Thread Jiri Demel
Török Edwin wrote: > On 2008-08-01 16:40, Jiri Demel wrote: > >> Is there any possiility to have some sort of a local whitelist >> for the phishing heuristics in ClamAV? >> Or should I try to "solve" it in MimeDefang from which I call ClamAV? >> >> > > You can create a local.wdb file, and

Re: [Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain

2008-08-01 Thread Kris Deugau
Jiri Demel wrote: > Is there any possiility to have some sort of a local whitelist > for the phishing heuristics in ClamAV? > Or should I try to "solve" it in MimeDefang from which I call ClamAV? Since you're using MIMEDefang to call ClamAV, I'd suggest something like what I've done; phishing "v

Re: [Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain

2008-08-01 Thread Török Edwin
On 2008-08-01 16:40, Jiri Demel wrote: > Hi. > > One of our users has subscribed to a mailing list all mails from which > are classified by ClamAV as "Phishing.Heuristics.Email.SpoofedDomain". > > After some googling and experimental changing various parts of the > mail I discovered that the probl

[Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain

2008-08-01 Thread Jiri Demel
Hi. One of our users has subscribed to a mailing list all mails from which are classified by ClamAV as "Phishing.Heuristics.Email.SpoofedDomain". After some googling and experimental changing various parts of the mail I discovered that the problem is in html link where href="http://tinyurl.c

Re: [Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain

2008-02-25 Thread Manuel Lemos
Hello, on 02/22/2008 12:23 PM Jan-Pieter Cornet said the following: >> I tracked down the issue and found that ClamAV was marking the messages >> as Phishing, specifically Phishing.Heuristics.Email.SpoofedDomain . >> >> I tested the message and isolated the HTML excerpt that seemed to >> trigger t

Re: [Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain

2008-02-22 Thread Jan-Pieter Cornet
On Thu, Feb 21, 2008 at 07:49:27PM -0300, Manuel Lemos wrote: > I have site that once in a while sends e-mail alerts about new book > reviews published in the site. > > Recently I noticed that some Dutch e-mail servers were rejecting the > review alert messages because the site IP address was list

[Clamav-users] False positive Phishing.Heuristics.Email.SpoofedDomain

2008-02-21 Thread Manuel Lemos
Hello, I have site that once in a while sends e-mail alerts about new book reviews published in the site. Recently I noticed that some Dutch e-mail servers were rejecting the review alert messages because the site IP address was listed in VirBL . I tracked down the issue and found that ClamAV wa