one header is from sendnode.com and the other one from sls-direct.de
this is one of the MIME-header:
X-Spam-Status: No, score=-1.619 tagged_above=-1000 required=7
tests=[AV:Heuristics.Phishing.Email.SpoofedDomain=0.1,
HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, POSTEO_BTC_B=0.01, POSTEO_GENERICS_LP_CCOUNT=0.01,
RCVD_IN_ABUSIX_WHITE=-2, RCVD_IN_DNSWL_NONE=-0.0001,
T_RCVD_IN_CSA_WHITELIST=0.01] autolearn=disabled
X-Posteo-Antispam-Signature: v=1; e=base64; a=aes-256-gcm;
d=tq7ngM2/JpxeKCE7x3oKNbzuOK5a2NHnEt9R6s548o4NWBMTE18t0Fx9xkJQ7nTZU1TM0nP2xqIosfmpQT/nSQQCVDyrJVgj2HE1PoGeP+i+dkcA9t6Uv5C9FPSCEcPE+u6/iFv5
Authentication-Results: posteo.de; dmarc=none (p=none dis=none)
header.from=sls-direkt.de
Authentication-Results: posteo.de;
dkim=pass (2048-bit key) header.d=sendnode.com [email protected]
header.b=Ms2neRyO;
dkim-atps=neutral
X-Posteo-TLS-Received-Status: TLSv1.3
Received: from mda38f.sendnode.com (mda38f.sendnode.com [185.98.184.143])
by mx04.posteo.de (Postfix) with ESMTPS id 4Gln4t192Mz10WC
for <[email protected]>; Thu, 12 Aug 2021 15:06:22 +0200 (CEST)
MIME-Version: 1.0
Date: Thu, 12 Aug 2021 15:06:09 +0200
Message-ID: <[email protected]>
From: Sparkasse Langen-Seligenstadt <[email protected]>
To: <[email protected]>
Reply-To: <[email protected]>
Subject: Herzlich willkommen!
List-Unsubscribe:
<https://mailing.sparkasse.de/-list-unsubscribe/7168/6761/701/vUQn8vSJ>,
<mailto:[email protected]?subject=7168-6761-701-vUQn8vSJ>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-ID: <1c00.1a69.sendnode.com>
X-Abuse-ID: MTI3LjAuMC4xLTcxNjgtNjc2MS03MDEtem5lcC5jaHJmcHVyeUBjYmZncmIucXI=
X-SendJob-ID: 206828196
X-Complaints-To: <[email protected]>
X-CSA-Complaints: <[email protected]>
X-Mailer: Mailingwork
X-Fi-Abs-Verify: SFP
DKIM-Signature: v=1;
a=rsa-sha256;
q=dns/txt;
l=47242;
s=mdkv20200702;
t=1628773569;
c=relaxed/simple;
h=From:To:Reply-To:Subject:X-CSA-Complaints:List-Unsubscribe-Post:List-Unsubscribe;
d=sendnode.com;
bh=U8HbPK6DbgmQ2Aw524utUF5pT+EcPCR6uPh9N1oJDTc=;
b=Ms2neRyObxjnw/5kqX3YBADyoWW81EA2kavDX5NmBjq480N9Bv8LZgrOpBg4zM36ZjfbDIqD4v4bw0rHTFDDGehb0nDEgkK710Qhkil4Oeyrb1RoNVAFJnhM3Eh2sENnCdH6q0sMJFptEMjb9e5vf4+KHrON6VCbdJlLTv3sAPHH8b2E8GqhXinaI5PLB1JJqE8XW46VuekFMcbLvy6tRYGdy0HUciuKRkZiylneESKvzHbJ3vBrRWBNEo/8s2GaZuYNEjJsO/DOoRCZrmpJpEhcwn2/T7OneqTVtZXQOGWnsBpLJwbAamVMuwkrf7XTDSkyM74nGaT9jm3Nwh1/Ng==
Content-Type: multipart/alternative;
boundary="=_alternative_db2ca59dbda23e1a4edb30eaa2ffedc6"
Von / From: Matus Uhlar - Fantomas <mailto:[email protected]>
An / To: Newcomer01 <mailto:[email protected]>
Gesendet / Sent: Freitag, Dezember 23, 2022 um 16:54 (at 04:54 PM) +0100
Betreff / Subject: Re: [clamav-users] false positive
On Dec 23, 2022, at 03:26, newcomer01 via clamav-users
<[email protected]> wrote:
is there a way to submit a false positive "Phishing.Email.SpoofedDomain" so
that an exception can be added?
On 23.12.22 05:28, Al Varnell via clamav-users wrote:
A good start would be to tell us what the domain in question is.
What those domains in question are.
Phishing.Email.SpoofedDomain means there are two different domains in name
and URL, IIRC.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
