On 09/03/2010 11:52 AM, Kris Deugau wrote:
I just received a report from a customer about a legitimate Amazon.ca
order confirmation that tripped the
Phishing.Heuristics.Email.SpoofedDomain code in Clamav (0.95.3 from
Debian lenny volatile).
I'm not sure what this heuristic test looks for, but after inspecting
the message source I'm pretty sure it triggered on amazon.ca in a URL
associated with an image retrieved from amazon.com.
I don't want to just add Amazon's sender address and name to the
customer's whitelist due to the spoof emails floating around. I'm
contacting him to see if I can release the message for analysis.
Are there any finer-grained controls on how this test works other than
PhishingScanURLs?
Any suggestions on how to allow Amazon.ca order email through without
blowing big holes in our filtering?
Hi,
You'll also see the problem with orders from Sears and a few other
retailers. I had to disable PhishingScanURLs here starting in early
December due to all the false positives.
Regards,
Rick
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
