Someone just emailed me offlist to see if I found a solution - I haven't
seen anything, although for the one customer who reported the problem I
just whitelisted the Google Alerts email further upstream in the
filtering process.
Any suggestions for a solution within ClamAV beyond disabling the
heuristics rules (for those who can't whitelist these messages further
upstream)?
-kgd
Kris Deugau wrote:
I'd whitelist the specific URLs in question, but they vary from message
to message, since they're in the form:
http://www.google.com/url?sa=X&q=http://<othersite>....
(the full URL runs about 500 characters in total - so far as I
understand the SpoofedDomain heuristic, it's only that first pair of
site names that trigger it).
The visible URLs are essentially http://<othersite>....
Is there any way to whitelist all of these in daily.wdb?
-kgd
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
