one header is from sendnode.com and the other one from sls-direct.de
this is one of the MIME-header:
X-Spam-Status: No, score=-1.619 tagged_above=-1000 required=7
tests=[AV:Heuristics.Phishing.Email.SpoofedDomain=0.1,
HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, POSTEO_BTC_B=0.01, POSTEO_GENERICS_LP_CCOUNT=0.01,
RCVD_IN_ABUSIX_WHITE=-2, RCVD_IN_DNSWL_NONE=-0.0001,
T_RCVD_IN_CSA_WHITELIST=0.01] autolearn=disabled
X-Posteo-Antispam-Signature: v=1; e=base64; a=aes-256-gcm;
d=tq7ngM2/JpxeKCE7x3oKNbzuOK5a2NHnEt9R6s548o4NWBMTE18t0Fx9xkJQ7nTZU1TM0nP2xqIosfmpQT/nSQQCVDyrJVgj2HE1PoGeP+i+dkcA9t6Uv5C9FPSCEcPE+u6/iFv5
Authentication-Results: posteo.de; dmarc=none (p=none dis=none)
header.from=sls-direkt.de
Authentication-Results: posteo.de;
dkim=pass (2048-bit key) header.d=sendnode.com header.i=@sendnode.com
header.b=Ms2neRyO;
dkim-atps=neutral
X-Posteo-TLS-Received-Status: TLSv1.3
Received: from mda38f.sendnode.com (mda38f.sendnode.com [185.98.184.143])
by mx04.posteo.de (Postfix) with ESMTPS id 4Gln4t192Mz10WC
for <x...@posteo.de>; Thu, 12 Aug 2021 15:06:22 +0200 (CEST)
MIME-Version: 1.0
Date: Thu, 12 Aug 2021 15:06:09 +0200
Message-ID: <5j4.57t...@sendnode.com>
From: Sparkasse Langen-Seligenstadt <mail...@sls-direkt.de>
To: <x...@posteo.de>
Reply-To: <mail...@sls-direkt.de>
Subject: Herzlich willkommen!
List-Unsubscribe:
<https://mailing.sparkasse.de/-list-unsubscribe/7168/6761/701/vUQn8vSJ>,
<mailto:list-unsubscr...@sendnode.com?subject=7168-6761-701-vUQn8vSJ>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-ID: <1c00.1a69.sendnode.com>
X-Abuse-ID: MTI3LjAuMC4xLTcxNjgtNjc2MS03MDEtem5lcC5jaHJmcHVyeUBjYmZncmIucXI=
X-SendJob-ID: 206828196
X-Complaints-To: <ab...@sendnode.com>
X-CSA-Complaints: <csa-complai...@eco.de>
X-Mailer: Mailingwork
X-Fi-Abs-Verify: SFP
DKIM-Signature: v=1;
a=rsa-sha256;
q=dns/txt;
l=47242;
s=mdkv20200702;
t=1628773569;
c=relaxed/simple;
h=From:To:Reply-To:Subject:X-CSA-Complaints:List-Unsubscribe-Post:List-Unsubscribe;
d=sendnode.com;
bh=U8HbPK6DbgmQ2Aw524utUF5pT+EcPCR6uPh9N1oJDTc=;
b=Ms2neRyObxjnw/5kqX3YBADyoWW81EA2kavDX5NmBjq480N9Bv8LZgrOpBg4zM36ZjfbDIqD4v4bw0rHTFDDGehb0nDEgkK710Qhkil4Oeyrb1RoNVAFJnhM3Eh2sENnCdH6q0sMJFptEMjb9e5vf4+KHrON6VCbdJlLTv3sAPHH8b2E8GqhXinaI5PLB1JJqE8XW46VuekFMcbLvy6tRYGdy0HUciuKRkZiylneESKvzHbJ3vBrRWBNEo/8s2GaZuYNEjJsO/DOoRCZrmpJpEhcwn2/T7OneqTVtZXQOGWnsBpLJwbAamVMuwkrf7XTDSkyM74nGaT9jm3Nwh1/Ng==
Content-Type: multipart/alternative;
boundary="=_alternative_db2ca59dbda23e1a4edb30eaa2ffedc6"
Von / From: Matus Uhlar - Fantomas <mailto:uh...@fantomas.sk>
An / To: Newcomer01 <mailto:newcome...@posteo.de>
Gesendet / Sent: Freitag, Dezember 23, 2022 um 16:54 (at 04:54 PM) +0100
Betreff / Subject: Re: [clamav-users] false positive
On Dec 23, 2022, at 03:26, newcomer01 via clamav-users
<clamav-users@lists.clamav.net> wrote:
is there a way to submit a false positive "Phishing.Email.SpoofedDomain" so
that an exception can be added?
On 23.12.22 05:28, Al Varnell via clamav-users wrote:
A good start would be to tell us what the domain in question is.
What those domains in question are.
Phishing.Email.SpoofedDomain means there are two different domains in name
and URL, IIRC.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
