As you have noted, this is a common situation. Anytime the actual URL does not closely match the displayed URL you'll get an alert unless it has been added to an M or X signature in the database. I haven't been convinced that anybody is maintaining that list of exceptions, so disabling it is probably your best defense at this point. Perhaps you could generate your own M/X records if phishing is a big problem, but educating users to not blindly click on ever link would be a better course of action.
Sent from my iPad -Al- On Apr 20, 2021, at 05:30, Robert Kudyba <[email protected]> wrote: > An important email from our university president was quarantined with > Heuristics.Phishing.Email.SSL-Spoof. I submitted the email as an attachment > to ClamAV. I'm also disabling it based on past reports such as > https://qmailtoaster-list.qmailtoaster.narkive.com/NYaYAjLl/disabling-clamav-heuristic-phishing-checks, > > https://portal.smartertools.com/community/a1225/how-to-disable-a-specific-clamav-scan.aspx > and https://sanesecurity.com/support/false-positives/
_______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
