Alex wrote:
> Hi,
>
> I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
> for capitaloneemail.com, but can't figure out how to use sigtool to
> determine which actual domain it thinks was spoofed.
>
> # sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
> sigtool --d
On Tue, Aug 16, 2016 at 12:35 PM, Steve Basford wrote:
> Try clamscan --debug 2>debug.log and I think that should show you a domain.
Ah yes, thanks. It appears it's marked it because the URLs were too different:
LibClamAV debug: Phishing: looking up in whitelist:
.click.capitaloneemail.com:.mi.c
Try clamscan --debug 2>debug.log and I think that should show you a domain.
Cheers,
Steve
Web: sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
On 16 August 2016 17:32:31 Alex wrote:
Hi,
I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
for capita
On 16.08.2016 at 18:31, Alex wrote:
I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
for capitaloneemail.com, but can't figure out how to use sigtool to
determine which actual domain it thinks was spoofed.
# sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
sig
Hi,
I have a false-positive with Heuristics.Phishing.Email.SpoofedDomain
for capitaloneemail.com, but can't figure out how to use sigtool to
determine which actual domain it thinks was spoofed.
# sigtool --find-sigs Heuristics.Phishing.Email.SpoofedDomain |
sigtool --decode-sigs
#
Why doesn't it
You probably already realize that we didn’t receive fifteen messages from the
clamav-virusdb list for four days (daily - 22070 through daily - 22084) and
they are not in the archives.
-Al-
--
Al Varnell
Mountain View, CA
Hello Jack,
> Great, thanks. Here is the output with '--debug':
>
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cleaned up
>
> To note, the documen