On Jan 22, 2014, at 7:25 AM, Alex <email@example.com> wrote:
> On Tue, Jan 21, 2014 at 2:15 PM, Charles Swiger <firstname.lastname@example.org> wrote:
>> On Jan 21, 2014, at 10:40 AM, Alex <email@example.com> wrote:
>>> I received a number of messages on the 17th that were tagged incorrectly with:
>>> X-Amavis-Alert: INFECTED, message contains virus:
>>> I tried to figure out what the pattern was, but apparently it no longer exists?
>> There is no specific pattern responsible for the "Heuristics" type.
>> Basically, it generally indicates that the email contains URLs which take one to a
>> different site than what is being displayed to the user. The "safebrowsing" string
>> also suggests that one of the domains in question was listed on Google's blacklist
>> of sites containing suspected malware.
> So I can assume that since clamscan no longer finds a virus, that the
> string that triggered the false-positive is no longer part of the
There is no “string”. The heuristics process looks for suspicious formatting, usually involving an e-mail from a financial institution, but since this apparently comes from the Google SafeBrowsing folks, I guess you would have to find a way to ask them.
--
Al Varnell
Mountain View, CA
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
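
The kind of check described in the thread, a link whose displayed URL names a different site than the one it actually leads to, sketched as an added example; it is not part of the original messages and not ClamAV's own code. The function names and the sample HTML are constructed for illustration, and the safebrowsing domain-list lookup is not modelled.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches link text that is itself a URL or bare domain, capturing the hostname.
URL_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

def same_site(shown, real):
    """True if both hostnames are equal or one is a subdomain of the other."""
    a, b = (h[4:] if h.startswith("www.") else h for h in (shown, real))
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAudit(HTMLParser):
    """Collects (displayed_host, actual_host) pairs for mismatched links."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        real = (urlsplit(self.href).hostname or "").lower()
        m = URL_LIKE.match("".join(self.text).strip())
        shown = m.group(1).lower() if m else None
        # Only text that looks like a URL can mislead; "Read more" is ignored.
        if shown and real and not same_site(shown, real):
            self.findings.append((shown, real))
        self.href = None

def audit(html):
    """Return the mismatched (displayed_host, actual_host) pairs in an HTML body."""
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample body (not taken from the thread).
SAMPLE = """<p>Dear customer,</p>
<a href="http://203-0-113-9.hosting.example/login">https://www.mybank.example/login</a>
<a href="https://www.mybank.example/help">www.mybank.example/help</a>
<a href="https://news.example/story">Read more</a>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A legitimate newsletter that routes links through a click-tracking host would produce the same mismatch, which is one way this class of heuristic yields false positives.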