Bugzilla – Bug 11123
550 Message contained unsafe content (Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net)
Last modified: 2018-04-27 15:43:59 EDT
Why is this happening to my e-mail: mail@jorgesarmento.com? I never used this mail to spam, or virus. This is my work mail, I do not understand what is happening. Please, this mail should not be blacklisted; it is my most important mail. Please help me.
Alain, see also bug 11122.
Bug 11122 is restricted; referencing it isn't helpful :-)

Allow me to expand on this issue. I have dozens of e-mails that are quarantined due to Suspect-phishing_safebrowsing. These mostly come from a mailing list, which sends digest mode e-mails. Because of the list membership, I doubt that any of the quarantined e-mails are phishing.

Diagnosing which URL(s) are triggering the report is next to impossible. The problem is that a digest can contain dozens of emails - each of which often quotes/encapsulates a long reply thread. Thus, there are hundreds of URLs. For example (chosen at random):

    grep -c http: /var/spool/mqueue/dfs8O40ioF014234
    151

The log files are not helpful:

    sendmail[14234]: s8O40ioF014234: Milter insert (1): header: X-Virus-Status: Infected (Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net)
    sendmail[14234]: s8O40ioF014234: milter=clamav-milter, quarantine=quarantined by clamav-milter

Request: Please log the URL(s) that trigger this rule. That would allow the administrator to easily use the google diagnostic tool (http://www.google.com/safebrowsing/diagnostic?site=<url>) to determine the cause and get the site/sender to correct the issue (or whitelist the site).

Thanks.
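Until the milter log names the URL, one triage step for the situation described in the comment above is to reduce the hundreds of URLs in a queued digest to its distinct hostnames and check each with the diagnostic tool. The following is an added example, not part of the bug report or of ClamAV: it does not reproduce ClamAV's matching, it decodes quoted-printable but not base64 parts, and the function names and sample body are hypothetical.

```python
import quopri
import re
import sys
from collections import Counter
from urllib.parse import quote, urlsplit

# Diagnostic URL prefix quoted in the comment above.
DIAGNOSTIC = "http://www.google.com/safebrowsing/diagnostic?site="
URL_RE = re.compile(rb"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed sample body (not from the bug report): a quoted plain-text
# line plus a quoted-printable HTML link split by a soft line break.
SAMPLE = (
    b"> see http://lists.example.org/archive/123 and\r\n"
    b'<a href=3D"http://www.exam=\r\nple.net/login?id=3D7">click</a>\r\n'
    b"Also HTTP://Lists.Example.org:80/faq.\r\n"
)


def hosts_in_body(raw: bytes) -> Counter:
    """Count URLs per hostname in a queued message body (sendmail df file)."""
    # Undo quoted-printable first so "=\r\n" soft breaks cannot split a
    # hostname; hostnames contain no "=", so plain-text hosts are unaffected.
    decoded = quopri.decodestring(raw)
    counts = Counter()
    for match in URL_RE.finditer(decoded):
        try:
            host = urlsplit(match.group().decode("latin-1")).hostname
        except ValueError:  # malformed authority, e.g. unbalanced "["
            continue
        if host:
            # urlsplit lowercases the host and drops the port.
            counts[host.rstrip(".,;")] += 1
    return counts


def diagnostic_links(counts: Counter) -> list:
    """One diagnostic-tool link per distinct host, most frequent first."""
    return [DIAGNOSTIC + quote(host) for host, _ in counts.most_common()]


if __name__ == "__main__":
    # Usage: python3 list_hosts.py /var/spool/mqueue/df<queue-id>
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for link in diagnostic_links(hosts_in_body(data)):
        print(link)
```
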
Re-assigning
Phishing alerts are "Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net" and are a kind of Potentially Unwanted Application alert from phishcheck.c. This may be driven by certain data in safebrowsing.cvd, but any actual FP complaints about Safebrowsing content need to go to Google's Safebrowsing team, who curate that data.

The follow-up request in comment #3 "please write usable information to the logs so the user can identify the affected domain which flagged the alert" is a valid request, but is a code change, not a CVD issue. Moving it over.