Hi there,

On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
On Tuesday, March 23, 2021 at 5:02 PM, G.W. Haywood wrote:
On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:

". . .infected by Heuristics.OLE2.ContainsMacros.VBA"

and

". . .infected by Heuristics.Phishing.Email.SpoofedDomain"

I love the first one but loathe the second one.

I don't think I understand the question.

There are two distinct names for two different classes of threat.
What exactly are you looking for that isn't provided by the names?
Do you mean distinguishing between individual examples of the type of
threat?  Perhaps you should be looking at your log verbosity, or perhaps
something which analyzes suspect data more thoroughly.  Are these logs the
result of scanning filesystems, scanning mail, or...?

I was not clear. ...

Correct.

The "spoofed domain" is the one I would rather allow to pass through without
comment or quarantine as some are "legitimate".  But the docs did warn
about "false positives".  Although pedantic types (who me?) might argue it
is not a "false positive" if it met the testing criteria.

So this is only when you're scanning mail?

That settles that, apparently.  All or nothing.

Not necessarily.

But it will help enormously if you will answer my questions.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
