Am 18.05.2017 um 12:41 schrieb [email protected]:
Mail from our client Paypal is being wrongly flagged as phishing by ClamAv. We get this type of bounce erros: 554 Your email was rejected because it contains the Heuristics.Phishing.Email.SpoofedDomain virus Mailing IPs: 142.54.244. [96-110] Mailing domains:mail.paypal.at, mail.paypal.nl, mail.paypal.com, mail.paypal.pl Date of issue: 09 May 2017 Please make the necessary changes to your product ASAP
i complained about that many months ago, frankly it was the reason to register for the ML at all and that you can't whitelist "Heuristics.Phishing.Email.SpoofedDomain" with a ign2 file and so you have to turn off other things too like google sfafebrowsing
clamav is literally unuseable until you fire up at least two instances, fix the spamassassin-clamav plugin so that is supports more than one instance and score them different or don't score it high at all
These emails are legitimate, sent to optin customers of Paypal, and authenticate with SPF, DKIM and DMARC.
clamav has no way to verify that and hence the "Heuristics.Phishing.Email.SpoofedDomain" should not exist at all or at least have a option to disable that *and only* that
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
