s via clamav-users
Cc: G.W. Haywood
Subject: Re: [clamav-users] Understanding
'Heuristics.Phishing.Email.SpoofedDomain' debug output
Hi there,
On Wed, 11 Nov 2020, Mickey Williams via clamav-users wrote:
> I'm trying and failing to understand the debug output ...
You're not alone
Hi there,
On Wed, 11 Nov 2020, Mickey Williams via clamav-users wrote:
I'm trying and failing to understand the debug output ...
You're not alone. Perhaps this extract from .../libclamav/regex_list.c
will shed some light. The last paragraph is particularly amusing. :/
...
reverse_strin
Hi,
I'm trying and failing to understand the debug output for a positive phishing
check result coming from a legitimate email from a bank.
If I do a scan with the debug flag I get the following -
LibClamAV debug: Looking up in regex_list: www.hsbc.co.uk/
LibClamAV debug: calc_pos_with_skip: ski