That's indicating that there is a link in the email that's displaying " www.americanexpress.com" but is actually going to "www.amazonbusiness.com". It's hard to help without seeing the original email code.
On Thu, Mar 17, 2022 at 12:55 PM Alex via clamav-users < clamav-users@lists.clamav.net> wrote: > Hi, > The link description is a URL and apparently doesn't match the link > itself, resulting in email from Amazon Business being marked as > malicious. Do I just add this to some kind of allow/bypass list? > > How do I go about doing that? > > $ clamscan -v amazon-fp.eml > Scanning /home/alex/quarantine/amazon-fp.eml > LibClamAV info: Suspicious link found! > LibClamAV info: Real URL: https://www.amazonbusiness.com > LibClamAV info: Display URL: www.americanexpress.com > /root/quarantine/amazon-fp.eml: Heuristics.Phishing.Email.SpoofedDomain > FOUND > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml