On Jan 22, 2014, at 7:25 AM, Alex <[email protected]> wrote: > On Tue, Jan 21, 2014 at 2:15 PM, Charles Swiger <[email protected]> wrote: >> On Jan 21, 2014, at 10:40 AM, Alex <[email protected]> wrote: >>> I received a number of messages on the 17th that were tagged incorrectly >>> with: >>> >>> X-Amavis-Alert: INFECTED, message contains virus: >>> Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net >>> >>> I tried to figure out what the pattern was, but apparently it no longer >>> exists? >> >> There is no specific pattern responsible for the "Heuristics" type. >> >> Basically, it generally indicates that the email contains URLs which take >> one to a >> different site than what is being displayed to the user. The "safebrowsing" >> string >> also suggests that one of the domains in question was listed on Google's >> blacklist >> of sites containing suspected malware. > > So I can assume that since clamscan no longer finds a virus, that the > string that triggered the false-positive is no longer part of the > blacklist?
There is no “string”. The heuristics process looks for suspicious formatting, usually involving an e-mail from a financial institution, but since this apparently comes from the Google SafeBrowsing folks, I guess you would have to find a way to ask them. -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
