PATCH - clamavmodule false positives

Gareth list-mailscanner at
Mon Aug 6 14:30:34 IST 2007

Attached is a patch for which fixes the false positives
issue with Phishing.Heuristics.Email.SpoofedDomain when using
Clamavmodule and the full message scan option.

It passes the CL_SCAN_PHISHING_DOMAINLIST option which according to the
clamavmodule source :-
Phishing module: restrict URL scanning to domains from .pdf

I believe that as this option was not previously set it is equivalent to
the following clamscan option :-
       Enable url-based heuristic phishing detection for all domains
(might lead to false positives!).

Personally I think CL_SCAN_PHISHING_DOMAINLIST should do the same as
--no-phishing-restrictedscan and not be the inverse of it. Maybe a bug.
I will contact the author about it anyway.

I dont really know what this option does exactly but it is a recommended
setting, its name seems to indicate it is related to the false positives
I was getting, and setting it does seem to have cured the problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Type: text/x-patch
Size: 176 bytes
Desc: not available
Url :

More information about the MailScanner mailing list