Hi, This HTML is resulting in an FP with hyatt.com and chase.com: <a href=3D"http://e.hyatt.com/a/hBXBU6kB8hHSgB9KBuvAATyM-YE/gpgchfaq?MARKET= ING_CODE=3DHycardSolo16GE1T&RECIPIENT_ID=3DG-G96179703L" target=3D"_blank" = style=3D"color:#1564a4; text-decoration:underline;">www.Chase.com/RewardsFA= Qs</a>.
LibClamAV debug: Phishcheck:Checking url http://e.hyatt.com/a/hBXBU6kB8hHSgB9KBuvAATyM-YE/gpgchfaq?MARKETING_CODE=HycardSolo16GE1T&recipient_id=G-G96179703L->www.Chase.com/RewardsFAQs LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different LibClamAV debug: found Possibly Unwanted: Heuristics.Phishing.Email.SpoofedDomain This HTML is resulting in an FP with hilton.com and americanexpress.com: <a href=3D"http://h1.hilton.com/a/hBXBouxAJZxlvB9L9= L5ArLZiuwY/hhon28" style=3D"color: #7c7c7c;">AmericanExpress.com/PPterms</a> LibClamAV debug: Phishcheck:Checking url http://h1.hilton.com/a/hBXBouxAJZxlvB9L9L5ArLZiuwY/hhon28->AmericanExpress.com/PPt erms LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different LibClamAV debug: found Possibly Unwanted: Heuristics.Phishing.Email.SpoofedDomain I've added two entries to my whitelist.wdb file: X:.+hilton\.com:americanexpress\.com:17- X:.+hyatt.com:www.chase.com:17- Thanks, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
