Hi there,
On Thu, 11 Aug 2022, joe a wrote:
A while back discussed excluding some URL's from triggering the heueristics
scan. Seemed to work. Postfix, spamassassin, clamav in use.
Now seems some addtional URL's are involved. Perhaps I am doing something
wrong here.
Been determining (?) the offending URL's by examining the entire email using:
clamscan --debug --file-list=SFILE --log=RESULT.txt 2> result.txt
then looking for offenders using:
grep -iB4 "Phishing scan result: URLs are way too different" myfile.txt
entering the URL seen in "Real URL: http://some.url"; into
"/var/lib/clamav/somefile.wdb" and restarting clamd (systemctl restart
clamd.service)
I would presume re-scanning as above should no longer flag the offending
URL(s)?
You presume a lot. The documentation seems to say otherwise:
https://docs.clamav.net/manual/Signatures/PhishSigs.html#wdb-format
--
73,
Ged.
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
