On Tue, Aug 16, 2016 at 12:35 PM, Steve basford <steveb_cla...@sanesecurity.com> wrote: > Try clamscan --debug 2>debug.log and I think that should show you a domain.
Ah yes, thanks. It appears it's marked it because the URLs were too different: LibClamAV debug: Phishing: looking up in whitelist: .click.capitaloneemail.com:.mi.capitalone.com; host-only:1 LibClamAV debug: Looking up in regex_list: click.capitaloneemail.com:mi.capitalone.com/ LibClamAV debug: Lookup result: not in regex list LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different I'm not sure I'm ready to whitelist the rule just yet, however. Thanks, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
