Phishing RBL?

Glenn Steen glenn.steen at gmail.com
Sat Oct 15 10:47:53 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 14/10/05, Denis Beauchemin <Denis.Beauchemin at usherbrooke.ca> wrote:
(snip)
> Just enabled ClamAV on my servers.  About 5 minutes later I saw this
> message:
> ClamAVModule::INFECTED:: Exploit.HTML.IFrame::
> ./j9EFjc3L008255/msg-4991-81.html
>
> Then I remembered why I disabled Clam...  I cannot block all emails with
> IFrames...
>
> There seems to be the --no-html flag.  I enabled it in clamav-wrapper.
> We'll see if it does what I hope (couldn't find much info about this).
>
> Had to switch from clamavmodule to clamav, though...

I might be completely wrong, but.... I *don't* use that flag, and it
only catches really bad iframes... Not like the MS thing that catch
*all* ...So far at least.
Did you check that the IFrame in question wasn't malicious?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list