Am 23.08.2018 um 20:08 schrieb Marcus Schopen:
> Hi,
>
> Am Dienstag, den 14.11.2017, 11:20 +0100 schrieb Hajo Locke:
>> Hello,
>>
>> based on my working whitelist regex i would say the 2nd part should
>> not
>> look only for amazon\.com
>>
>>
>> If i understood it the correct way it should be something like:
>>
>> X:.+\.amazon\.(at|ca|co\.uk|co\.jp|com|de|fr)([/?].*)?:.+\.amazon\.(c
>> om|de)([/?].*)?
>>
>> Using this regex shows a clean mail. May be more extensions are
>> needed
>> on right side, dependent on amazon changes/uses on different domains.
>
> Anything new on this? Is above rule still working? Some of my amazon
> mails are blocked by "Phishing.Email.SpoofedDomain" too, e.g.:
>
> http://www.adobe.com/de/products/acrobat/readstep2.html
> -> https://sellercentral-europe.amazon.com/...
that BULLSHIT never worked and makes more problems than it solves for
years now, either run two instances where the one with
"PhishingScanURLs" don't make hard-rejects (in my example it#s part of
spamassassin scroing) or disable that option
[root@mail-gw:~]$ cat /etc/clamd.d/scan.conf | grep PhishingScanURLs
PhishingScanURLs no
[root@mail-gw:~]$ cat /etc/clamd.d/scan-sa.conf | grep PhishingScanURLs
PhishingScanURLs yes
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
