Nigel Horne wrote:
>> The AV:Phishing.Heuristics.Email.SpoofedDomain is a ClamAV heuristically
>> determined spoofed domain. It is fairly prone to false positives, so it
>> might not be a good idea to place it in the meta-group L_AV_Phish, which
>> are signature-based.
>
> If you find any problems with ClamAV's heuristic checking for phish that
> lead to problems such as false positives,
> please post them to bugs.clamav.net. Thanks.
>
> -Nigel

Nigel,

One problem with posting some of the FP Spoofed Domain email is that
they often contain encoded personal information, and sanitizing takes
time, or isn't obvious. I see many from the NRA
(nra-ila_ale...@www.ilaalerts.org), Wachovia
(customerserv...@wachoviapossibilities.com, http://dls-email.bfi0.com),
etc. I'm not sure what is safe to sanitize, strip, remove.

I'm happy to post my FPs, but not those of my email users.

MrC

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/