On Tue, Aug 16, 2016 at 12:35 PM, Steve basford
<steveb_cla...@sanesecurity.com> wrote:
> Try clamscan --debug 2>debug.log and I think that should show you a domain.

Ah yes, thanks. It appears it's marked it because the URLs were too different:

LibClamAV debug: Phishing: looking up in whitelist:
.click.capitaloneemail.com:.mi.capitalone.com; host-only:1
LibClamAV debug: Looking up in regex_list:
click.capitaloneemail.com:mi.capitalone.com/
LibClamAV debug: Lookup result: not in regex list
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different

I'm not sure I'm ready to whitelist the rule just yet, however.

Thanks,
Alex
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to