Hi,

I have a Fedora 34 system with clamd-0.103.5 and amavisd/SA/postfix. I
have a newsletter from ncua.gov that keeps getting blocked because it
apparently contains links.gd in the body somewhere, although I can't
find it.

How do I exclude this email from being tagged without having to bypass
the Heuristics.Phishing.Email.SpoofedDomain rule altogether?

X-Amavis-Alert: INFECTED, message contains virus:
        Heuristics.Phishing.Email.SpoofedDomain

Also, I keep deleting the main.cvd database but it keeps replacing it.
How do I configure clamav so it only updates one of the main database
types?

clamscan -v virus-20220228T143424-suCp6LTlKRG5
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
Scanning /root/quarantine/virus-20220228T143424-suCp6LTlKRG5
LibClamAV info: Suspicious link found!
LibClamAV info:   Real URL:    https://lnks.gd
LibClamAV info:   Display URL: chairmanharpersfullremarksareavailableonncua.gov
/root/quarantine/virus-20220228T143424-suCp6LTlKRG5: Heuristics.Phishing.Email.SpoofedDomain FOUND

The entire email can be found here:
https://pastebin.com/EXZ1fDpK
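
An added example, not part of the original post: ClamAV's phishing-signature format lets a local `.wdb` file allowlist one real/displayed host pair with an `M:RealHostname:DisplayedHostname` line, which leaves the heuristic on for all other mail. The Python sketch below turns the `Real URL` / `Display URL` lines that `clamscan -v` prints into such entries; the function names and the `local.wdb` file name are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the clamscan -v lines quoted in the post above.
SAMPLE = """\
LibClamAV info: Suspicious link found!
LibClamAV info:   Real URL:    https://lnks.gd
LibClamAV info:   Display URL: chairmanharpersfullremarksareavailableonncua.gov
"""

# A "Real URL" line immediately followed by its "Display URL" line.
_PAIR = re.compile(
    r"Real URL:[ \t]*(?P<real>\S+)[ \t]*\r?\n[^\n]*Display URL:[ \t]*(?P<disp>\S+)")


def hostname(value):
    """Return the lower-cased host of a URL or of a bare host string."""
    if "://" not in value:
        value = "//" + value  # make urlsplit parse a bare host as the netloc
    host = urlsplit(value).hostname
    if not host:
        raise ValueError(f"no hostname in {value!r}")
    return host


def link_pairs(scan_output):
    """Yield (real_host, displayed_host) for each suspicious link reported."""
    for m in _PAIR.finditer(scan_output):
        yield hostname(m["real"]), hostname(m["disp"])


def wdb_entries(scan_output):
    """Return de-duplicated M:RealHostname:DisplayedHostname lines, in order."""
    entries = []
    for real, disp in link_pairs(scan_output):
        line = f"M:{real}:{disp}"
        if line not in entries:
            entries.append(line)
    return entries


if __name__ == "__main__":
    # Review each pair before appending it to a local allowlist such as
    # /var/lib/clamav/local.wdb (file name is an assumption of this example).
    print("\n".join(wdb_entries(SAMPLE)))
```

After adding an entry, re-run `clamscan -v` on the quarantined file to confirm the detection no longer fires for that pair.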
