Re: [clamav-users] Whitelisting FP domains

Alex Thu, 06 Oct 2016 07:39:47 -0700

>> We have reports of a domain being blacklisted and we don't think it
>> should be:
>>
>> LibClamAV debug: Phishcheck:Checking url
>> http://www.hospitalitytec.com->www.hospitalitytec.com
>
> I think its better to keep the domain listed at the moment..
>
> https://www.virustotal.com/en/url/291d973f15db6a186cf6b947f15794c4b12f1846fb5969ffa4057c9f20eda7b2/analysis/1475758916/


Okay, thanks, I have notified them.

I have another that was just discovered. Is this a sanesecurity
pattern and could it be a FP? There's no reference to it on virustotal
or elsewhere:

# sigtool --find-sigs winnow.spam.ts.miscspam.1025807 | sigtool --decode-sigs
VIRUS NAME: winnow.spam.ts.miscspam.1025807
TARGET TYPE: HTML
OFFSET: *
DECODED SIGNATURE:
{STRING_ALTERNATIVE:.|/|@| |<}americanas.com.br{STRING_ALTERNATIVE:'|"| |/|=|>|

Thanks,
Alex
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Whitelisting FP domains

Reply via email to