This might help shed some light: https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-safebrowsing.md
If you can locate the safebrowsing.cvd on your computer, you can unpack it with sigtool and view at the contents. On Tue, Jan 21, 2014 at 1:40 PM, Alex <[email protected]> wrote: > Hi, > > I received a number of messages on the 17th that were tagged incorrectly > with: > > X-Amavis-Alert: INFECTED, message contains virus: > Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net > > I tried to figure out what the pattern was, but apparently it no longer > exists? > > # sigtool --find-sigs Heuristics.Safebrowsing | sigtool --decode-sigs > > I've tried variations of this, but was unable to locate any signs of it. > > What is the proper way to search for this particular pattern, and does > anyone have any info on what it might have been on the 17th that would > cause such a false-positive? > > Thanks, > Alex > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
