On Wed, May 31, 2017 at 11:44 PM, Reindl Harald wrote: > > why i am so emotional about this topic? > > because *THAT ISSUE* i originally registered on this list and *you* > recommended at > http://lists.clamav.net/pipermail/clamav-users/2016-July/003111.html "You > must disable Heuristics using clamd.conf and clamscan options" while all you > guys which recommend that not realizing that it would disable safebrowsings > too and so CLAMAV IS BROKEN BY DESIGN as long nobody either makes that crap > whitelisteable with ign2-files, removes it completly or make a switch *only* > diable that crap without other heuristics
Yes, I remember that very well. Looks like ClamAV may be taking some action on it, hopefully sooner than later. In the meanwhile, have you tried using a local.sfp file containing whitelisted pairs? You could either fill it with "M" records for each pair, e.g. M:http://epl.paypal-communication.com/:www.paypal.com or a Regex formatted "X" record for multiple country codes, e.g. X:.+\.paypal-communications\.(de|fr|it|at|ca|be|ch|nl|pl|es|co\.uk|com|com\.(au|cn|hk|my|sg))([/?].*)?:(.+\.)?paypal\.(at|be|ca|ch|co\.uk|de|es|fr|ie|in|it|nl|ph|pl|com|com\.(au|cn|hk|my|sg))([/?].*)? -Al- -- Al Varnell Mountain View, CA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
