Am 16.08.2016 um 18:31 schrieb Alex:
I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain for capitaloneemail.com, but can't figure out how to use sigtool to determine which actual domain it thinks was spoofed. # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain | sigtool --decode-sigs # Why doesn't it display the signature with the above command? How do I scan the quarantined message to find out exactly what triggered this false positive?
i disabled them entirely because i still need to face anything else than false positives from that rules....
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
