Try clamscan --debug 2>debug.log and I think that should show you a domain.
Cheers, Steve Web: sanesecurity.com Blog: sanesecurity.blogspot.com Twitter: @sanesecurity On 16 August 2016 17:32:31 Alex <mysqlstud...@gmail.com> wrote:
Hi, I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain for capitaloneemail.com, but can't figure out how to use sigtool to determine which actual domain it thinks was spoofed. # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain | sigtool --decode-sigs # Why doesn't it display the signature with the above command? How do I scan the quarantined message to find out exactly what triggered this false positive? Thanks, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml