Hi, On Sat, Feb 1, 2014 at 5:32 AM, Al Varnell <[email protected]> wrote: > > On Jan 31, 2014, at 5:26 PM, Alex <[email protected]> wrote: > >> Hi, >> >> I found another false-positive, this time with >> Heuristics.Phishing.Email.SpoofedDomain and I'd like help in figuring >> out what domain within the email it thinks is spoofed. >> >> I've pasted the email here: >> >> http://pastebin.com/S7XkCg9a >> >> Any ideas greatly appreciated. > > LibClamAV debug: Phishcheck:host:.ems1.aeroplan.com > LibClamAV debug: Phishing: looking up in whitelist: > .ems1.aeroplan.com:.www.tdcanadatrust.com; host-only:1 > LibClamAV debug: Looking up in regex_list: > ems1.aeroplan.com:www.tdcanadatrust.com/ > LibClamAV debug: Lookup result: not in regex list > LibClamAV debug: Phishcheck: Phishing scan result: URLs are way too different > LibClamAV debug: found Possibly Unwanted: > Heuristics.Phishing.Email.SpoofedDomain
I don't understand what this means. How did you generate this? Where did the tdcanadatrust.com come from? Thanks, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
