Steve Basford wrote: > > > Wolfgang Zeikat wrote: >> Hi, >> >> a legitimate and wanted mail was hit here by >> Sanesecurity.Jurlbl.Auto.8c755e1f4b0a15ee58be79596a4ee9dd >> > Fixed. > > It also matches INetMsg.SpamDomain-2w.l-finance_com (Bill is looking at > that at the moment) As Steve pointed out to me off-list, even though this domain is is listed on several URIBLs, when used in a ClamAV signature, it is also matching on legitimate sites due to the fact that ClamAV does not support delimiters or word boundaries within their signatures. For this reason, I have also removed this domain from my signature files. Bill