Am 31.05.2017 um 12:41 schrieb Joel Esler (jesler):
So is it us that needs to adjust our software for something that PayPal is
doing? Or should PayPal adjust what they are doing?
you need to adjust when you pretend something is phising while it's
legit which can be verified by SPF/DKIM and that clamav has no way to
verify SPF is no excuse, it proves only that it's wrong
Sent from my iPhone
On May 31, 2017, at 06:38, Al Varnell <alvarn...@mac.com> wrote:
OK, I managed to clean it up enough and added a fake header so I could run
clamscan --debug and it confirmed my suspicions:
LibClamAV debug: Phishcheck:host:.epl.paypal-communication.com
LibClamAV debug: Phishing: looking up in whitelist:
.epl.paypal-communication.com:.www.paypal.com; host-only:1
LibClamAV debug: Looking up in regex_list:
epl.paypal-communication.com:www.paypal.com/
LibClamAV debug: Lookup result: not in regex list
LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different
LibClamAV debug: found Possibly Unwanted:
Heuristics.Phishing.Email.SpoofedDomain
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
