Koozali.org: home of the SME Server

whitelist a sender from the antivirus checks or remove a false positive

paul.b
Hi all,
I've been having a back-and-forth with the sender of an email, and I'm being blamed that it's on my side. :?
  • I wrote a line in SpamAssassin to whitelist the entire domain, but still have not received it
  • the sender says they have no problems with other people getting emails from that particular email address
Does anybody know of this as being a virus or a false positive? I did some digging around and some are saying that it is not a virus :???:
 " <<< 552 Virus found: Heuristics.Phishing.Email.SpoofedDomain
554 5.0.0 Service unavailable "
Thank you in advance :D

Jean-Philippe Pialasse (aka Unnilennium)
I have similar issues with a bank using an external service based on an Amzws server for vault document exchange. The emails are really comparable to a phishing campaign, with little or no respect for RFCs.
I chose not to make any exception because I would be more at risk using this service.

They could easily fix that on their side in your case: https://www.authsmtp.com/smtp-error-codes/250-virus-scanned-email-discarded.html



paul.b
Oh yeah, I was actually looking at that link earlier, but at the same time I am thinking of holding back on the whitelisting / removing of the thing on our side for security reasons. I really wanted a second opinion too.
Thank you for your reply, Jean-Philippe :)


paul.b
OK, I have emailed the IT team of that sender and they have done nothing to fix the issue. Can someone please let me know how I can whitelist that signature in the antivirus?

Heuristics.Phishing.Email.SpoofedDomain

Thank you in advance

bunkobugsy
https://linux.die.net/man/5/clamd.conf

PhishingScanURLs BOOL
Scan URLs found in mails for phishing attempts using heuristics. This will classify "Possibly Unwanted" phishing emails as Phishing.Heuristics.Email.*
Default: yes

Seems like you need to add a "PhishingScanURLs no" line to /etc/clamd.d/scan.conf via a custom template.
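
Added example (not part of the thread, and not SME Server or ClamAV project code): a shell check that reports the effective PhishingScanURLs state of a clamd config file such as the /etc/clamd.d/scan.conf named above, so the change can be verified after the template is expanded. The function name and sample config are constructed; it assumes the boolean spellings yes/true/1 and no/false/0 and treats an absent line as the documented default of yes. The option is daemon-wide, so a "disabled" result applies to mail from every sender, not only the one being whitelisted.

```shell
#!/bin/sh
# Added example, not from the thread: report the effective PhishingScanURLs
# state of a clamd config file. Function name and sample config are constructed.

# Prints one of: enabled, disabled, conflict, invalid.
phishing_scan_state() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "PhishingScanURLs" {
            v = tolower($2)                     # assumption: value case is ignored
            if (v ~ /^(yes|true|1)$/)      s = "enabled"
            else if (v ~ /^(no|false|0)$/) s = "disabled"
            else                           s = "invalid"
            if (seen && s != prev) conflict = 1 # set twice with different results
            prev = s; seen = 1
        }
        END {
            if (!seen)         print "enabled"  # absent: documented default is yes
            else if (conflict) print "conflict"
            else               print prev
        }
    ' "$1"
}

# With no argument, run against a constructed sample instead of a real config.
conf=${1:-}
tmp=
if [ -z "$conf" ]; then
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample' 'LogSyslog yes' 'PhishingScanURLs no' > "$tmp"
    conf=$tmp
fi
state=$(phishing_scan_state "$conf")
echo "PhishingScanURLs in $conf: $state"
if [ "$state" = disabled ]; then
    echo "URL phishing heuristics are off for mail from every sender"
fi
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```

A "conflict" or "invalid" result means the file should be corrected before relying on either behaviour.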