>>How can I put >>Phishing.Heuristics.Email.SpoofedDomain >>... in local.ign, if I can't find it in the files unpacked by sigtool? >>thanks >>Len > >Phishing heuristics sigs are not "real" signatures, so your choices include >disable the phishing heuristics in clamd.conf (PhishingScanURLs no
Although Barracudas have passed many phishing emails, and I was hoping clamd in cascade would help, I've had to do "PhishingScanURLs no" in clamd.conf. Way more FPs than TPs, and a nice variety, too. One day, it stopped all nytimes.com headlines alerts, and it blocked monthly notices about credit card balances, which looked legit from the content, and from all the Received: headers. I just caught an FP where one of our DSL users sent to herself, directly to our submission box running clamd, from the IP she successfully POPs from, a .gov job site notice. I guess I'll here from her soon. :) Len _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
