On 2/27/2023 3:47 PM, joe a wrote:
Got an email marked as infected by clamav. I cannot determine what was
detected.
A long time ago I asked here and someone described how to scan an
individual email file, log the results and scan the log for what was
detected. Or maybe clued me in on which log I was not searching properly.
Did not find that conversation it in the email archives.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
Well never mind that part, it is shown clearly in /var/log/clamd.log as
"Heuristics.Phishing.Email.SpoofedDomain".
What I think I conflated that with the means to determine the details so
I can add that to a .ign* file. Something to do with debug mode I think.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
