clamav-users January 2014 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [clamav-users] Heuristics.Safebrowsing.Suspect

Re: [clamav-users] Heuristics.Safebrowsing.Suspected false-positive help

From: Douglas Goddard <dgoddard_at_nospam>
Date: Tue Jan 21 2014 - 19:11:44 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

This might help shed some light:

https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-safebrowsing.md

If you can locate the safebrowsing.cvd on your computer, you can unpack it
with sigtool and view at the contents.

On Tue, Jan 21, 2014 at 1:40 PM, Alex <mysqlstudent@gmail.com> wrote:

> Hi,
>
> I received a number of messages on the 17th that were tagged incorrectly
> with:
>
> X-Amavis-Alert: INFECTED, message contains virus:
> Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
>
> I tried to figure out what the pattern was, but apparently it no longer
> exists?
>
> # sigtool --find-sigs Heuristics.Safebrowsing | sigtool --decode-sigs
>
> I've tried variations of this, but was unable to locate any signs of it.
>
> What is the proper way to search for this particular pattern, and does
> anyone have any info on what it might have been on the 17th that would
> cause such a false-positive?
>
> Thanks,
> Alex
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml