Yea for now I just created the line as peer the doc ( https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format ) and it’s working.
For Heuristics.Phishing.Email.SpoofedDomain it’s not an « ignore list » bit an « allow list of real URL and display URL that you want to allow. echo "M:can01.safelinks.protection.outlook.com<http://can01.safelinks.protection.outlook.com>:www.desjardins.com<http://www.desjardins.com>" >> /var/lib/clamav/local.wdb systemctl restart clamd Too many people including banks putting all their confidence in big cloud service. Mathieu Morier, Administrateur Internet / Network Administrator Ce message est confidentiel et destiné uniquement aux destinataires dûment nommés. Il peut contenir de l'information couverte par le secret professionnel. Il est strictement défendu à toute personne qui n'est pas un destinataire dûment nommé de diffuser ce message ou d'en faire une copie. Si vous n'êtes pas un destinataire dûment nommé ou un employé ou mandataire chargé de livrer ce message à un destinataire dûment nommé, veuillez nous aviser sans tarder et supprimer ce message ainsi que toute copie qui peut en avoir été faite. This message is confidential and intended only for the named recipients. It may contain information that is privileged. Any dissemination or copying of this message by anyone other than a named recipient is strictly prohibited. If you are not a named recipient or an employee or agent responsible for delivering this message to a named recipient, please notify us immediately, and permanently destroy this message and any copies you may have. Le 13 juin 2022 à 17:59, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> a écrit : Hi there, On Mon, 13 Jun 2022, Mathieu Morier via clamav-users wrote: Look like many Canadian Banks are switching their corporate email to Office 365 ( Microsoft cloud ) and all the links in their email are then automatically change ... Don't get me started. ... links to ... hit the Heuristics.Phishing.Email.SpoofedDomain . ... Can this rule be changed ... Speaking personally, I don't want it to be changed but you could for example add an 'ignore' rule: https://docs.clamav.net/manual/Signatures/AllowLists.html?highlight=ignore#signature-ignore-lists Then will have to trust Microsoft ... ... currently the second worst spam support provider in the world, and rarely out of the top five: https://www.spamhaus.org/statistics/networks/ -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
