On 01.03.22 17:15, Alex via clamav-users wrote:
I have a fedora34 system with clamd-0.103.5 and amavisd/SA/postfix. I
have a newsletter from ncua.gov that keeps getting blocked because it
apparently contains links.gd in the body somewhere, although I can't
find it.
How do I exclude this email from being tagged without having to bypass
the Heuristics.Phishing.Email.SpoofedDomain rule altogether?
X-Amavis-Alert: INFECTED, message contains virus:
Heuristics.Phishing.Email.SpoofedDomain
I think this can be enabled by disabling PhishingScanURLs in clamd.conf
I also think amavis has way to handle this kind of clamav result
differently, but that's question for amavis, not for clamav.
Also, I keep deleting the main.cvd database but it keeps replacing it.
How do I configure clamav so it only updates one of the main database
types?
clamscan -v virus-20220228T143424-suCp6LTlKRG5
LibClamAV Warning: Detected duplicate databases
/var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually
remove one of them
do you have both of them? which one is older?
Don't you have old clamav(-freshclam) installation hanging somewhere?
LibClamAV info: Real URL: https://lnks.gd
LibClamAV info: Display URL: chairmanharpersfullremarksareavailableonncua.gov
/root/quarantine/virus-20220228T143424-suCp6LTlKRG5:
Heuristics.Phishing.Email.SpoofedDomain FOUND
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
