Joe Acquisto-j4 wrote:
In log find (snipped)
". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
This is enabled by the AlertOLE2Macros directive in clamd.conf
". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
This is enabled by the PhishingScanURLs directive in clamd.conf.
I
Hi there,
On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
On Tuesday, March 23, 2021 at 5:02 PM, G.W. Haywood wrote:
On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
and
". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
I love the
On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
In log find (snipped)
". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
and
". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
I love the first one but loathe the second one.
Is there some secret sauce to
allow discriminating between
Sent from my iPad
> On Mar 23, 2021, at 18:29, Joe Acquisto-j4 wrote:
>
> The "spoofed domain" is the one I would rather allow to pass through without
> comment or quarantine as some are "legitimate". But the docs did warn
> about "false positives". Although pedantic types (who me?) might
> On Tuesday, March 23, 2021 at 5:02 PM, G.W. Haywood wrote:
>> On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
>>
>> > In log find (snipped)
>>
>> Full marks for reading your logs. :)
>>
>> > ". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
>> >
>> > and
>> >
>> > ". . .infected by
On Tuesday, March 23, 2021 at 5:02 PM, G.W. Haywood wrote:
> On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
>
> > In log find (snipped)
>
> Full marks for reading your logs. :)
>
> > ". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
> >
> > and
> >
> > ". . .infected by
Hi there,
On Tue, 23 Mar 2021, Joe Acquisto-j4 wrote:
In log find (snipped)
Full marks for reading your logs. :)
". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
and
". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
I love the first one but loathe the second one.
That's
In log find (snipped)
". . .infected by Heuristics.OLE2.ContainsMacros.VBA"
and
". . .infected by Heuristics.Phishing.Email.SpoofedDomain"
I love the first one but loathe the second one. Is there some secret sauce to
allow discriminating between them?
joe a