Hi You cannot whitelist a sender in ClamAV. Whitelisting happens in the software that calls ClamAV.
The alternative is to disable spoofing checks in ClamAV configuration. They're not enabled by default, so if your ClamAV checks spoofing, then someone enabled it on purpose. As Al already pointed out you can whitelist the offending link construct. To identify the offending link in the mail you need to perform a bit of analysis: clamscan /path/to/mailfile.eml --debug 2>&1 | less I don't have a working example at hand, so here's a little outline from my memory: search in less output for the word "different" nearby that match (a few lines above, iirc) you'll find the offending value looking something like yada yada yaday amazon.com:amazon.de yada yada yada (using amazon just as an example) In your clamav signature directory you then create a file called spoofing.wdb with this content: X:amazon\.com:amazon\.de (copy the hit from clamav debug output, prepend X: and escape all regex specials) Alternatively have the sender fix the broken link you identified above. HTH _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml