Re: [clamav-users] Understanding 'Heuristics.Phishing.Email.SpoofedDomain' debug output

2020-11-17 Thread Mickey Williams via clamav-users
s via clamav-users Cc: G.W. Haywood Subject: Re: [clamav-users] Understanding 'Heuristics.Phishing.Email.SpoofedDomain' debug output Hi there, On Wed, 11 Nov 2020, Mickey Williams via clamav-users wrote: > I'm trying and failing to understand the debug output ... You're not alone

Re: [clamav-users] Understanding 'Heuristics.Phishing.Email.SpoofedDomain' debug output

2020-11-11 Thread G.W. Haywood via clamav-users
Hi there, On Wed, 11 Nov 2020, Mickey Williams via clamav-users wrote: I'm trying and failing to understand the debug output ... You're not alone. Perhaps this extract from .../libclamav/regex_list.c will shed some light. The last paragraph is particularly amusing. :/ ... reverse_strin

[clamav-users] Understanding 'Heuristics.Phishing.Email.SpoofedDomain' debug output

2020-11-11 Thread Mickey Williams via clamav-users
Hi,  I'm trying and failing to understand the debug output for a positive phishing check result coming from a legitimate email from a bank. If I do a scan with the debug flag I get the following - LibClamAV debug: Looking up in regex_list: www.hsbc.co.uk/ LibClamAV debug: calc_pos_with_skip: ski