It's possible for ClamAV to fix that by providing an update record which would whitelist that particular match for PayPal. Normally you would just have to upload the message to ClamAV's False Positive page with an explanation, but in this case, since it's embedded in that Thunderbird mailbox. They should be able to do that based on the information in your clamdeb.txt file, but would need to respond to this discussion that they it's something they want to do.
-Al- On Thu, Feb 16, 2017 at 05:27 AM, ellanios82 wrote: > > On 02/16/17 15:00, Mark Allan wrote: >> simply to add 2>&1 to the end of your command, to redirect stderr to stdout. >> >> clamscan >> --debug/home/user/.thunderbird/9i9wirek.default/Mail/pop.gmail.com/bus<http://pop.gmail.com/bus> >> >> clamdeb.txt 2>&1 > > - again thank you for being Really helpful { not just demonstrating 'clever' } > > > - turns out the Spoofed Domain message was from PayPal > > ........ > > thanks
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml