You can report all support issues to:firstname.lastname@example.org
No easy way to say when a malicious domain is "safe". The signatures trigger on an actual URL, such as http://www.badsite.com
, so its not triggering on something more benign like www.badsite.com
, or just badsite.com. There is special logic to detect cases when we *know* its benign, such as in OSSEC reports, certain log files, etc. So if you have a case like that just send the format and we could see about creating an exclusion. Send on the file if you don't mind and we can take a look.
Another option is to create a local clamav exclusion list, which would then allow anything on your system to server up that domain, and would allow anyone to upload anything referencing that domain. Not recommended as the domains we put out are known malware/spyware sites, so that would be opening a pretty big hole in the system.