Phishing.Heuristics.Email.SpoofedDomain false positives

Gareth list-mailscanner at
Mon Aug 6 12:19:03 IST 2007

I have just upgraded MailScanner and enabled full message scanning but I
am getting a few false positives on
Phishing.Heuristics.Email.SpoofedDomain against some genuine Amazon
emails and a couple of others.

Strangely when I use clamscan and scan the message file the message is
reported as being clean.

Quarantine Modified Body = no
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no

How does Mailscanner save the raw mail file for clamavmodule to scan?
Could there be a slight difference which is causing the heuristics to


More information about the MailScanner mailing list