Sent from my iPad > On Mar 23, 2021, at 18:29, Joe Acquisto-j4 <j...@j4computers.com> wrote: > > The "spoofed domain" is the one I would rather allow to pass through without > comment or quarantine as some are "legitmate". But the docs did warn > about "false posititves". Although pedantic types (who me?) might argue it > is not a "false positive" if it met the testing criteria.
There is a whitelist capability (M & X records) that allow designated alternative domains to pass the heuristics tests, but my observation over several years now is that nobody seems to be maintaining those entries, resulting in the FP's observed. I can only guess that most users leave the option disabled resulting in whitelist maintenance not being a priority. -Al- _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml