Hi, I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain for capitaloneemail.com, but can't figure out how to use sigtool to determine which actual domain it thinks was spoofed.
# sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain | sigtool --decode-sigs # Why doesn't it display the signature with the above command? How do I scan the quarantined message to find out exactly what triggered this false positive? Thanks, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
