Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Kris Deugau
Alex wrote:
> Hi,
>
> I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
> for capitaloneemail.com, but can't figure out how to use sigtool to
> determine which actual domain it thinks was spoofed.
>
> # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
> sigtool

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Alex
On Tue, Aug 16, 2016 at 12:35 PM, Steve basford wrote:
> Try clamscan --debug 2>debug.log and I think that should show you a domain.
Ah yes, thanks. It appears it's marked it because the URLs were too different:
LibClamAV debug: Phishing: looking up in whitelist:

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Steve basford
Try clamscan --debug 2>debug.log and I think that should show you a domain. Cheers, Steve Web: sanesecurity.com Blog: sanesecurity.blogspot.com Twitter: @sanesecurity On 16 August 2016 17:32:31 Alex wrote: Hi, I have a false-positive with

Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Reindl Harald
On 16.08.2016 at 18:31, Alex wrote: I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain for capitaloneemail.com, but can't figure out how to use sigtool to determine which actual domain it thinks was spoofed. # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |

[clamav-users] Heuristics.Phishing.Email.SpoofedDomain FP

2016-08-16 Thread Alex
Hi, I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain for capitaloneemail.com, but can't figure out how to use sigtool to determine which actual domain it thinks was spoofed. # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain | sigtool --decode-sigs # Why doesn't

[clamav-users] Missing "daily" e-mails

2016-08-16 Thread Al Varnell
You probably already realize that we didn’t receive fifteen messages from the clamav-virusdb list for four days (daily - 22070 through daily - 22084) and they are not in the archives. -Al- -- Al Varnell Mountain View, CA

Re: [clamav-users] Sigtool parsing issues

2016-08-16 Thread Arnaud Jacques / SecuriteInfo.com
Hello Jack,
> Great, thanks. Here is the output with '--debug':
>
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cleaned up
>
> To note, the