MrC wrote:
> Nigel Horne wrote:
>>> The AV:Phishing.Heuristics.Email.SpoofedDomain is a ClamAv heuristically
>>> determined spoofed domain. It is fairly prone to false positives, so it
>>> might not be a good idea to place it in the meta-group L_AV_Phish, which
>>> are signature-based.
>>
>> If you find any problems with ClamAV's heuristic checking for phish that
>> lead to problems such as false positives,
>> please post them to bugs.clamav.net. Thanks.
>>
>> -Nigel
>
> Nigel,
>
> One problem with posting some of the FP Spoofed Domain email is that
> they often contain encoded personal information, and sanitizing takes
> time, or isn't obvious.
>
> I see many from the NRA ([email protected]), Wachovia
> ([email protected], http://dls-email.b=
> fi0.com), etc.
>
> I'm not sure what is safe to sanitize, strip, remove.
>
> I'm happy to post my FPs, but not those of my email users.

I understand your concern. An alternative is to spend some time locating what is wrong and opening a bug at bugs.clamav.net

> MrC

-Nigel
