On Sun 22/Dec/2019 12:26:04 +0100 Gerard E. Seibert via clamav-users wrote: > I have this line in that file: > > From:market...@snopes.com > > However, that file is being blocked with this message in the > clamav-milter.log file: > > Fri Dec 20 20:12:00 2019 -> Message from > <snopescom-cdyjlit1jrhddllj...@cmail20.com> to > <<gerard_seib...@seibercom.net>> infected by > SecuriteInfo.com.Spam-50327.UNOFFICIAL
Obviously, that's the from they mean. > I figure I am either entering the info in the file incorrectly, or I am > entering the wrong info. I cannot reliably use the "Return-Path:", > because it is not a constant. Perhaps you could try and match From:snopescom-.*@cmail20.com? I don't use the milter, but if I were I'd look for an option to whitelist only 'Spam' or 'Heuristic' from authenticated reliable senders. To whitelist everything after a fuzzy regex that anybody can impersonate looks quite dangerous. Best Ale -- _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
