Kris Deugau wrote: > How do I whitelist all combinations of TLD 1 and TLD 2 with/without > subdomains in one entry? > > I've just had a series of FP reports, all appear to be triggered by a > Scotiabank internal mail system URL that shows scotiabank.com (with a > host/subdomain in some messages, without in others) and a real link > target of scotiamail.bns (again, may or may not have a host/subdomain). > > M:scotiabank.com:scotiamail.bns > > works on *some* messages... but not all of them. Apparently the > host/domain isn't consistently cut down to the bare TLD. > > I don't want to have to add "many" variant entries, because I don't know > what variations might appear. For the time being I've added 4 entries > that seem to cover the variants I have on hand currently.
Anyone? I've come across another variant; accountonline.com and citibank.com - both even show the same WHOIS info. I want to whitelist links that show (or have images originating in) "*.citibank.com", with links whos target is "*.accountonline.com". Once again, I don't want to have to enter "many" variant entries, because I'm certain to miss one. -kgd _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
