On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
In log find (snipped)
". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
and
". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
I love the first one but loathe the second one.
Is there some secret sauce to
allow discriminating between them?
If I remember correctly, I used to do this in my MTA - exim,
filtering in the ACL based on the text wjich you are logging.
--
Andrew C. Aitchison Kendal, UK
[email protected]
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
