ScamNailer False Positives
Steve Basford
steveb_clamav at sanesecurity.com
Wed Sep 12 13:25:05 IST 2012
> On Tue, 11 Sep 2012, Dan H. Eicher wrote:
>
>> Almost all the emails I get from UFL's helpdesk are marked as:
>> “ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL” and quarantined.
> If an address is listed incorrectly, I believe the scamnailer data
> originates from http://code.google.com/p/anti-phishing-email-reply/ so you
> could look there to get false positives and no-longer-positives removed
> (Help Desk addresses can be used in spam so it might have been listed
> legitimately).
I've also whitelisted the sig on the Sanesecurity mirrors, so if you
normally grab the scamnailer.ndb file from the Sanesecurity mirrors
(instead of directly) - the sig will be gone.
ie: http://sanesecurity.co.uk/databases.htm
But the better solution is to contact anti-phishing-email-reply-discuss AT
googlegroups DOT com and ask for a removal.
Cheers,
Steve
Sanesecurity
More information about the MailScanner
mailing list